redline | bdf51bec10ffe9224a476224317213979598f7b18af279b6d0aea7da1647653d | Triage

Sharing

General

Target

Akrien.zip
Size

8.7MB
Sample

231202-xlq4hafa59
MD5

404ed26a45fa12434cb97b8c41f98165
SHA1

549e4eb010a873bbf953a84be30332cdc2728c47
SHA256

bdf51bec10ffe9224a476224317213979598f7b18af279b6d0aea7da1647653d
SHA512

8b613a8c689db875033863580de4581a155930b61074901fcdb56be45b8839827b4ff11ae555dbd871dc77cb9639c09ff1c0a5a2bc22ee6b37435f2431735901
SSDEEP

196608:jXUADm9a+/R03WZ6igsUwqFHAH38XIcN/hyatF73R3Zgg:Fh+/u3W8iG54cNwatF73xZgg

Score

10^/10

redline 317323864_99 infostealer

Malware Config

Extracted

Family

redline

Botnet

317323864_99

C2

cellrepairs.top:28786

Attributes

auth_value
f2e3e444ae87c9cf96cb2fcb7e8a63c4

Targets

- Target
  
  Akrien.zip
- Size
  
  8.7MB
- MD5
  
  404ed26a45fa12434cb97b8c41f98165
- SHA1
  
  549e4eb010a873bbf953a84be30332cdc2728c47
- SHA256
  
  bdf51bec10ffe9224a476224317213979598f7b18af279b6d0aea7da1647653d
- SHA512
  
  8b613a8c689db875033863580de4581a155930b61074901fcdb56be45b8839827b4ff11ae555dbd871dc77cb9639c09ff1c0a5a2bc22ee6b37435f2431735901
- SSDEEP
  
  196608:jXUADm9a+/R03WZ6igsUwqFHAH38XIcN/hyatF73R3Zgg:Fh+/u3W8iG54cNwatF73xZgg
Score

10^/10

redline 317323864_99 infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline317323864_99infostealer