redline | cb70ad60ec16341e48b3e80868ea7fdcd3f630723dfa6335d7b79ed01dcd7634 | Triage

Submit
Reports

Overview

overview

Static

static

3

winprofile

windows7-x64

winprofile

windows10-1703-x64

Sharing

General

Target

cb70ad60ec16341e48b3e80868ea7fdcd3f630723dfa6335d7b79ed01dcd7634
Size

1.1MB
Sample

231024-fhfd6aaf7v
MD5

290286f421ecf2742a5b1613b7290737
SHA1

86c98ef6b85eb3b199d6174f69136ac131f4de0d
SHA256

cb70ad60ec16341e48b3e80868ea7fdcd3f630723dfa6335d7b79ed01dcd7634
SHA512

e4eb7f96b4a7c5339950c5edbe313a0f1c73c01d87c954072c2710fcd596a11cc14d93ab1590c5bfb0640b59904b9e9d1b6de819f0d0fe0b6e4fda6c5a41383b
SSDEEP

24576:MZ8JWFMMh4jlauXOMd6XuCIOj2HgXsMSq:MZAMh4jlNXDgD+gcH

Score

10^/10

redline @oleh_ps infostealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

cb70ad60ec16341e48b3e80868ea7fdcd3f630723dfa6335d7b79ed01dcd7634.exe

Resource

win7-20231020-en

redline @oleh_ps infostealer

windows7-x64

5 signatures

300 seconds

Behavioral task

behavioral2

Sample

cb70ad60ec16341e48b3e80868ea7fdcd3f630723dfa6335d7b79ed01dcd7634.exe

Resource

win10-20231020-en

redline @oleh_ps infostealer

windows10-1703-x64

5 signatures

300 seconds

Malware Config

Extracted

Family

redline

Botnet

@oleh_ps

C2

185.216.70.238:37515

Targets

- Target
  
  cb70ad60ec16341e48b3e80868ea7fdcd3f630723dfa6335d7b79ed01dcd7634
- Size
  
  1.1MB
- MD5
  
  290286f421ecf2742a5b1613b7290737
- SHA1
  
  86c98ef6b85eb3b199d6174f69136ac131f4de0d
- SHA256
  
  cb70ad60ec16341e48b3e80868ea7fdcd3f630723dfa6335d7b79ed01dcd7634
- SHA512
  
  e4eb7f96b4a7c5339950c5edbe313a0f1c73c01d87c954072c2710fcd596a11cc14d93ab1590c5bfb0640b59904b9e9d1b6de819f0d0fe0b6e4fda6c5a41383b
- SSDEEP
  
  24576:MZ8JWFMMh4jlauXOMd6XuCIOj2HgXsMSq:MZAMh4jlNXDgD+gcH
Score

10^/10

redline @oleh_ps infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline@oleh_psinfostealer

behavioral2

redline@oleh_psinfostealer

© 2018-2024

Terms | Privacy