redline | 28b969497214b4f71c42fa0507c91f63ad4528b6954a0a16250cdde2e7ecfa35 | Triage

Submit
Reports

Overview

overview

Static

static

3

cdad0022f1...16.exe

windows7-x64

cdad0022f1...16.exe

windows10-2004-x64

Sharing

General

Target

28b969497214b4f71c42fa0507c91f63ad4528b6954a0a16250cdde2e7ecfa35
Size

161KB
Sample

241107-b8y7qstalk
MD5

0563dfc171b292ebbf7ecd5564899280
SHA1

fe502c0fea532dedba12a05d60b76c80cbef7225
SHA256

28b969497214b4f71c42fa0507c91f63ad4528b6954a0a16250cdde2e7ecfa35
SHA512

9c33f64dfbed879fcc1f1f56f09d916b8f8aa98797e0e6e811d08194962ba4391f1e1e9e0350fe93d9623da32138243f3c9a1b643d2c0705b0869cc4f82328a6
SSDEEP

3072:jZi5YqGc2UpeVT9f5QCPEDRxxiiw8NyDXwS0h5u25YB0f8Vp4WrLX:Vi5YqGeOT9f5Q9DPy8g7q5u25Y60p4WX

Score

10^/10

redline pub3 discovery infostealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

cdad0022f17eb4230de562bf70835ed58b26afa96c8cfa470a4ba541b5a4d816.exe

Resource

win7-20241010-en

redline pub3 discovery infostealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

cdad0022f17eb4230de562bf70835ed58b26afa96c8cfa470a4ba541b5a4d816.exe

Resource

win10v2004-20241007-en

redline pub3 discovery infostealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

pub3

C2

89.22.231.25:45245

Attributes

auth_value
ffd0fd0d5630c2c573c643bde2ed50b3

Targets

- Target
  
  cdad0022f17eb4230de562bf70835ed58b26afa96c8cfa470a4ba541b5a4d816
- Size
  
  355KB
- MD5
  
  a4c70d54ba1052681f251618d9d9fc1f
- SHA1
  
  bf4e172a65f5271d5c60c3219f36bb15d0d2f585
- SHA256
  
  cdad0022f17eb4230de562bf70835ed58b26afa96c8cfa470a4ba541b5a4d816
- SHA512
  
  6f7865419dab62b3c44a8f530eb2e62932bb807f8cad8d023f318d4207d5aac81cf6a14905b5bfa2d7f1c694bb94722b98798ba905cbef968ce6ef3edbdf81d6
- SSDEEP
  
  6144:xco+Nypp0QGxJ1ryIj7AOqs4xxgI2Zf5Znns1Jl:F+Nypp0QEp7cs4xxgpNs1J
Score

10^/10

redline pub3 discovery infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinepub3discoveryinfostealer

behavioral2

redlinepub3discoveryinfostealer

© 2018-2024

Terms | Privacy