redline | 261efd4ff095c447e6a4221afd063d486625d4e975a3f7c9f9d64660f9b9f25e | Triage

Sharing

General

Target

file.exe
Size

1.0MB
Sample

231011-g99bzsfb71
MD5

73e8ac07797b8b0eb7142d10f5837ca1
SHA1

64f16a7fb7be54a5e5f9fb60b7f610cc4a0cf9f5
SHA256

261efd4ff095c447e6a4221afd063d486625d4e975a3f7c9f9d64660f9b9f25e
SHA512

f7e1efb09150c1d3fdd8ce5eb189992be35d8fbac750d9b60cfd0b8e2889b96da46584ae0d26e9dd91853d46a38b7959cd0893293199286e3429678629bc5898
SSDEEP

24576:FM5TBoyJAzoy99wIqbQfgia8gzhYT/iybuvQqxQV:FM5TBoyy99wISQB2KT/mvQqxQ

Score

10^/10

redline @oleh_ps infostealer

Malware Config

Extracted

Family

redline

Botnet

@oleh_ps

C2

176.123.4.46:33783

Attributes

auth_value
94ecdfa2eb126d66ce500353b2fa9112

Targets

- Target
  
  file.exe
- Size
  
  1.0MB
- MD5
  
  73e8ac07797b8b0eb7142d10f5837ca1
- SHA1
  
  64f16a7fb7be54a5e5f9fb60b7f610cc4a0cf9f5
- SHA256
  
  261efd4ff095c447e6a4221afd063d486625d4e975a3f7c9f9d64660f9b9f25e
- SHA512
  
  f7e1efb09150c1d3fdd8ce5eb189992be35d8fbac750d9b60cfd0b8e2889b96da46584ae0d26e9dd91853d46a38b7959cd0893293199286e3429678629bc5898
- SSDEEP
  
  24576:FM5TBoyJAzoy99wIqbQfgia8gzhYT/iybuvQqxQV:FM5TBoyy99wISQB2KT/mvQqxQ
Score

10^/10

redline @oleh_ps infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline@oleh_psinfostealer

behavioral2

redline@oleh_psinfostealer