General

  • Target

    5ce583350be96bf22df2996dcc56ba2b0f4ce2fc6025a105f542cff8d394cd7d

  • Size

    183KB

  • Sample

    241107-t4vmvswbrk

  • MD5

    495268a2be5552fc4ee319efd5785597

  • SHA1

    2c813da06dea5607bc3da0ac787122ee5748638e

  • SHA256

    5ce583350be96bf22df2996dcc56ba2b0f4ce2fc6025a105f542cff8d394cd7d

  • SHA512

    3fdc5ca15163122847276fb6a904dc91871d14999bb05488c62dc3a25b0ce193f8a88aee99fe453dc9768cdcdaa855b300faf7df74c72e7f3e58d7aaabd0fec0

  • SSDEEP

    3072:gK19M7mQX6JvRRsibmw2UzZj9ijc4RN/udVW4SVw/v7m8xtM6HdxcUrBl3CY9+vR:h9u05RJStm9u/u7W4ew/v7m8xdxcUrv0

Malware Config

Extracted

Family

redline

Botnet

pub2

C2

89.22.231.55:45245

Attributes

  • auth_value

    ea9464d486a641bb513057e5f63399e1

Targets

    • Target

      b3ecf50e232abd59a59b8015ff03f74e4b1285dd65d04ea0053de8bf1fc0b907

    • Size

      397KB

    • MD5

      4463991e4f75a4ac9817c7a7df9f221e

    • SHA1

      6d1d5dae4571bbfe885e3d74999d1e29fc5d785c

    • SHA256

      b3ecf50e232abd59a59b8015ff03f74e4b1285dd65d04ea0053de8bf1fc0b907

    • SHA512

      b937936b3c1343f614bca64d4f22af33ac533748d5c667f64104567a8aeb5a0f193c7e966666734a08212c6e778e1adea20477c522b03ab1e0171278d11b756c

    • SSDEEP

      6144:D+hp0xIyuQ3QTprP30jUISJTfAOms8p+Rq1/spHFrGKSa:Dip0xIyuQgV9cs8gRwta

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks