Overview

overview

10

Static

static

3

50ab57ec39...04.exe

windows7-x64

10

50ab57ec39...04.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    dcf8d0e2891180df4bd80aaa2193dd38f066e2e92564e63c3e37cd75478211c2

  • Size

    161KB

  • Sample

    241105-mnt8tszgqk

  • MD5

    77aac741eb49f30bccb579a813529b1a

  • SHA1

    ef4aaff454be6aa0da31a1ae1e0061f99cf3aced

  • SHA256

    dcf8d0e2891180df4bd80aaa2193dd38f066e2e92564e63c3e37cd75478211c2

  • SHA512

    8bde18ec6b85f78dcf33c84fbb6ab72446b8178d2f1ef6f8524226c2cee2ab839c7577316d3d34d79654b3ef537ac0a5e4b8f909b5ff576efddbdfa61f01c301

  • SSDEEP

    3072:fkR+6ptS3Iwv8BiQ/Q/HLEjzb6iTnIMc1a3K9xjUW3ZywiVW:JhN1Ksoj6i69xjUoZyFs

Score
10/10
redlinepub2discoveryinfostealer

Malware Config

Extracted

Family

redline

Botnet

pub2

C2

89.22.231.25:45245

Attributes
  • auth_value

    ea9464d486a641bb513057e5f63399e1

Targets

    • Target

      50ab57ec39642fb2d98e3bd5b412eb0b90db8f6c4d8c19993d534186073f1c04.exe

    • Size

      354KB

    • MD5

      c399c3d52b5dc4d60230e1da4daf358d

    • SHA1

      52f59971296960fda1376f7731b797049a7965c3

    • SHA256

      50ab57ec39642fb2d98e3bd5b412eb0b90db8f6c4d8c19993d534186073f1c04

    • SHA512

      dd80306d9c7a6f7a1062b5834fd3ccd9b295ce021fd3ee86e8a3406811fbb6b1a2f8ac4e5a901653ad9490f5a22b01c92f234655fa6008d0aca70f153f952f3c

    • SSDEEP

      6144:eLbeeki6964UMvt1M3U7AOA2Woe+yYzFQ0eh/eUfhMLa5/:AiekcWx7a0yZ0XUfAa5

    Score
    10/10
    redlinepub2discoveryinfostealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Redline family

      redline

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks