redline | ea28eb3e05ef8fe150ca0d876df588189bb1fe887a7980d68030862fc0508732 | Triage

Submit
Reports

Overview

overview

Static

static

3

Patch.exe

windows7-x64

Patch.exe

windows10-2004-x64

Patch.exe

windows11-21h2-x64

Sharing

General

Target

Patch.exe
Size

300.6MB
Sample

240405-g9qjwadg51
MD5

93012a266eff83ebf81f41b696f0afe2
SHA1

450b5561d703e02d7e2e3c8edb5a61cf585c3946
SHA256

ea28eb3e05ef8fe150ca0d876df588189bb1fe887a7980d68030862fc0508732
SHA512

4d268665baf702bbc902a5351a5ad7230d681b9409ede4f379828446ba27efc78c5bd569172dc25c3f6322668b10466a0ec4146047bf68e6d23b094f956da000
SSDEEP

6144:NVeUT4Kbjq06viONri4LuzOG25JDOMpkMQ2SAYUa/qqdhxMht:NYrED6vXNHLuzOG25JtB8A/abM3

Score

10^/10

redline 1 infostealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Patch.exe

Resource

win7-20240221-en

redline 1 infostealer

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

Patch.exe

Resource

win10v2004-20240226-en

redline 1 infostealer

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral3

Sample

Patch.exe

Resource

win11-20240221-en

redline 1 infostealer

windows11-21h2-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

1

C2

65.21.98.68:18721

Attributes

auth_value
6c69d40026f4e6ecde0e32048f7bacd4

Targets

- Target
  
  Patch.exe
- Size
  
  300.6MB
- MD5
  
  93012a266eff83ebf81f41b696f0afe2
- SHA1
  
  450b5561d703e02d7e2e3c8edb5a61cf585c3946
- SHA256
  
  ea28eb3e05ef8fe150ca0d876df588189bb1fe887a7980d68030862fc0508732
- SHA512
  
  4d268665baf702bbc902a5351a5ad7230d681b9409ede4f379828446ba27efc78c5bd569172dc25c3f6322668b10466a0ec4146047bf68e6d23b094f956da000
- SSDEEP
  
  6144:NVeUT4Kbjq06viONri4LuzOG25JDOMpkMQ2SAYUa/qqdhxMht:NYrED6vXNHLuzOG25JtB8A/abM3
Score

10^/10

redline 1 infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redline1infostealer

behavioral2

redline1infostealer

behavioral3

redline1infostealer

© 2018-2024

Terms | Privacy