redline | 80ec921ab70600f8214f19be8afc2833fef6a29d6d9bc625e6296204dec649bc | Triage

Sharing

General

Target

file
Size

1.4MB
Sample

231010-zaj7xsbd99
MD5

eeb8a6c6433dd3b3b1dba0f9b41b74ed
SHA1

f11c21d49622c6b9f1fa1c2bbc7489d0eb1168fa
SHA256

80ec921ab70600f8214f19be8afc2833fef6a29d6d9bc625e6296204dec649bc
SHA512

839cafd0f1a911cb8e2add7a5ad3c62b7a9409551d98d5a5ab9845df9bc4c1f3559d58de32a138475e0354810361f825c795c43de3652ce485b4465428d08e63
SSDEEP

24576:9+yzyicBpqoZTgVifptq6PQMS9J41x9b9H:9SBpqoZTgY1PdSr4vVB

Score

10^/10

redline @oleh_ps infostealer

Malware Config

Extracted

Family

redline

Botnet

@oleh_ps

C2

176.123.4.46:33783

Attributes

auth_value
94ecdfa2eb126d66ce500353b2fa9112

Targets

- Target
  
  file
- Size
  
  1.4MB
- MD5
  
  eeb8a6c6433dd3b3b1dba0f9b41b74ed
- SHA1
  
  f11c21d49622c6b9f1fa1c2bbc7489d0eb1168fa
- SHA256
  
  80ec921ab70600f8214f19be8afc2833fef6a29d6d9bc625e6296204dec649bc
- SHA512
  
  839cafd0f1a911cb8e2add7a5ad3c62b7a9409551d98d5a5ab9845df9bc4c1f3559d58de32a138475e0354810361f825c795c43de3652ce485b4465428d08e63
- SSDEEP
  
  24576:9+yzyicBpqoZTgVifptq6PQMS9J41x9b9H:9SBpqoZTgY1PdSr4vVB
Score

10^/10

redline @oleh_ps infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline@oleh_psinfostealer

behavioral2

redline@oleh_psinfostealer