redline | 40611bded831e26f90f03e77aef25d5f9dd25f107e8639356b4f1974685ea99e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

40611bded831e26f90f03e77aef25d5f9dd25f107e8639356b4f1974685ea99eN
Size

304KB
Sample

241002-whck9ssgjg
MD5

edcea1334dfa16d63638ec6a3064b200
SHA1

6d36aabb774c5764733060e274d0f6e9b5f5e880
SHA256

40611bded831e26f90f03e77aef25d5f9dd25f107e8639356b4f1974685ea99e
SHA512

4b7588422dd384f35f601ec5d383c1b6703046cb24d894d69a9bdc8f3c7561692c282621e333d9ca22352ebc7e48f9a6d7906c99b767fb2fa9cdeca39fa8184b
SSDEEP

3072:Rq6EgY6iYrUjxQMbwPP91cQAjlaoR0TAstdSiwVcZqf7D34leqiOLibBOT:wqY6i/wP0xXR0TA4duVcZqf7DIvL

Score

10^/10

redline pdf.exe discovery infostealer

Malware Config

Extracted

Family

redline

Botnet

pdf.exe

C2

31.177.108.40:9564

Targets

- Target
  
  40611bded831e26f90f03e77aef25d5f9dd25f107e8639356b4f1974685ea99eN
- Size
  
  304KB
- MD5
  
  edcea1334dfa16d63638ec6a3064b200
- SHA1
  
  6d36aabb774c5764733060e274d0f6e9b5f5e880
- SHA256
  
  40611bded831e26f90f03e77aef25d5f9dd25f107e8639356b4f1974685ea99e
- SHA512
  
  4b7588422dd384f35f601ec5d383c1b6703046cb24d894d69a9bdc8f3c7561692c282621e333d9ca22352ebc7e48f9a6d7906c99b767fb2fa9cdeca39fa8184b
- SSDEEP
  
  3072:Rq6EgY6iYrUjxQMbwPP91cQAjlaoR0TAstdSiwVcZqf7D34leqiOLibBOT:wqY6i/wP0xXR0TA4duVcZqf7DIvL
Score

10^/10

redline pdf.exe discovery infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinepdf.exediscoveryinfostealer

behavioral2

redlinepdf.exediscoveryinfostealer