redline | c61c9ed0fdbcc1a5be82feb4895fe1a553659738137d8ed319c9f63ad301e423 | Triage

Submit
Reports

Overview

overview

Static

static

3

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

c61c9ed0fdbcc1a5be82feb4895fe1a553659738137d8ed319c9f63ad301e423
Size

484KB
Sample

240319-xpejwacc62
MD5

5e88980bb982663f2d687fd72bacd880
SHA1

04ea23d8cc91ee71b13476b4b60eee4fe478e01c
SHA256

c61c9ed0fdbcc1a5be82feb4895fe1a553659738137d8ed319c9f63ad301e423
SHA512

06b744b1a238c76b90a1182315838ee22e240cbd33d7ba9fabca344abca6e52e20fdfcd965febc18d82d05ad478aff7a4720715d7ed124ead75d9b91afc8301d
SSDEEP

12288:+h1Fk70Tnvjct35lxE/Ui3kzubOm45V2dHgEIqSOJ:Ik70TrcZxE/USkzuN8OJ

Score

10^/10

redline siski infostealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c61c9ed0fdbcc1a5be82feb4895fe1a553659738137d8ed319c9f63ad301e423.exe

Resource

win10v2004-20240226-en

redline siski infostealer

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

c61c9ed0fdbcc1a5be82feb4895fe1a553659738137d8ed319c9f63ad301e423.exe

Resource

win11-20240221-en

redline siski infostealer

windows11-21h2-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

siski

C2

168.119.242.255:7742

Targets

- Target
  
  c61c9ed0fdbcc1a5be82feb4895fe1a553659738137d8ed319c9f63ad301e423
- Size
  
  484KB
- MD5
  
  5e88980bb982663f2d687fd72bacd880
- SHA1
  
  04ea23d8cc91ee71b13476b4b60eee4fe478e01c
- SHA256
  
  c61c9ed0fdbcc1a5be82feb4895fe1a553659738137d8ed319c9f63ad301e423
- SHA512
  
  06b744b1a238c76b90a1182315838ee22e240cbd33d7ba9fabca344abca6e52e20fdfcd965febc18d82d05ad478aff7a4720715d7ed124ead75d9b91afc8301d
- SSDEEP
  
  12288:+h1Fk70Tnvjct35lxE/Ui3kzubOm45V2dHgEIqSOJ:Ik70TrcZxE/USkzuN8OJ
Score

10^/10

redline siski infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

redlinesiskiinfostealer

behavioral2

redlinesiskiinfostealer

© 2018-2024

Terms | Privacy