General

  • Target

    4b343e9758b956526e75eaf9ee570b8c2bc74fef6335025f6321f5c68f6ac736

  • Size

    161KB

  • Sample

    241105-kbc3nsxkes

  • MD5

    3a3312387df708e2871d4252875efd9c

  • SHA1

    af73e1211ee3b5677136c7adc51a948e534beba9

  • SHA256

    4b343e9758b956526e75eaf9ee570b8c2bc74fef6335025f6321f5c68f6ac736

  • SHA512

    64197852108cb586512df880a03d785b1ed9b408ecac69c3fa75795fda6883ea91f4718c6c5442abb2d7f21d482f424252a01a2f10bcb14f04c8139ddad59830

  • SSDEEP

    3072:Uv4o0qhUAmGdhIBEJ15PhQQPErbqZiiw8z7Z4iRcxXAUp5r6PXFJV:bLsdh7Q3rX8zd4iRCF6Pp

Malware Config

Extracted

  • Family

    redline

  • Botnet

    pub2

  • C2

    89.22.231.25:45245

Attributes

  • auth_value

    ea9464d486a641bb513057e5f63399e1

Targets

    • Target

      957ffb24446c47186ba3d4d04577d73dd20d971034dbe0e052950fc890437604

    • Size

      356KB

    • MD5

      26380aa6fa2b0fc21a8b8ea2288f5e2c

    • SHA1

      992c621d14186ad681446557524fadf9665913d4

    • SHA256

      957ffb24446c47186ba3d4d04577d73dd20d971034dbe0e052950fc890437604

    • SHA512

      193edc695754bc343bdb09fabba2a954d1d417de1fe1b2fdf23b51482f952a1ca464a0670bd2a311cb26e1e387699320d4be641b5e30cbae392c7620cdb4742d

    • SSDEEP

      6144:dcOeNahNPMQWRBlTywS7AOeORRyKgYBb+DcUt/gukWs1Jl:neNahxMQs47kORRyKFEDu31J

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks