Overview

overview

10

Static

static

3

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Resubmissions

03-09-2023 10:34

230903-ml8nfahc2x 10

03-09-2023 10:31

230903-mkk6rahe74 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file

  • Size

    1.9MB

  • Sample

    230903-mkk6rahe74

  • MD5

    74d00d97c125a4b2c7b6affedcb0d5ea

  • SHA1

    264768bbce5f67283a8d8dde0edddda345cc2136

  • SHA256

    f028eb7c28f4ad3126755a211a47f206812b182adb4ddb45c225802af1a27eab

  • SHA512

    082b42016bf199af19c4244a313c172e96e6614d0326cf302b9b304418342acb9c26efffbbfdff8d5b8a538c046be3a6e2d324cbc4c460d97891733ee367ca00

  • SSDEEP

    24576:rmiZG6vS2CIP7tZJWDBtXGTabfdjSsAG2:zvS2CIP7DJU2ORS7

Score
10/10
redline1006infostealerspyware

Malware Config

Extracted

Family

redline

Botnet

1006

C2

176.123.9.142:14845

Attributes
  • auth_value

    b5da80860b093905c2bba6f9377af704

Targets

    • Target

      file

    • Size

      1.9MB

    • MD5

      74d00d97c125a4b2c7b6affedcb0d5ea

    • SHA1

      264768bbce5f67283a8d8dde0edddda345cc2136

    • SHA256

      f028eb7c28f4ad3126755a211a47f206812b182adb4ddb45c225802af1a27eab

    • SHA512

      082b42016bf199af19c4244a313c172e96e6614d0326cf302b9b304418342acb9c26efffbbfdff8d5b8a538c046be3a6e2d324cbc4c460d97891733ee367ca00

    • SSDEEP

      24576:rmiZG6vS2CIP7tZJWDBtXGTabfdjSsAG2:zvS2CIP7DJU2ORS7

    Score
    10/10
    redline1006infostealerspyware

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Uses the VBS compiler for execution

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks