General

  • Target

    358223636fd7971121ce2e7a5de5e5f569f29a412f5b42458a74922f7219ddb3

  • Size

    120KB

  • Sample

    241108-n3f57a1lcs

  • MD5

    c0aedd2f6d3504dd050c1bdf8dd64f03

  • SHA1

    e00dcda7946e2188f5c6d6f4a9cbb2070ee70030

  • SHA256

    358223636fd7971121ce2e7a5de5e5f569f29a412f5b42458a74922f7219ddb3

  • SHA512

    1424d66ce95947204643d66b55c1251305f98fe9fd8d9d1e0cdcc8532d6080efc76d8a9cb26fec9605e1dd13c0fbdf76ccd7ed435a661bda53504fabe8e93724

  • SSDEEP

    3072:CtzJNYZohZFD7wDsC7ItJZiIRWW+m68yQm6t5:wzJNYZMvD7wDsCgji7WUnQV

Malware Config

Extracted

  • Family

    redline

  • Botnet

    pub2

  • C2

    89.22.231.25:45245

  • Attributes

      • auth_value

        ea9464d486a641bb513057e5f63399e1
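As an added example (not part of this sandbox report and not tooling from the analysis platform), the Python below turns the extracted configuration into two checks an analyst can run offline: matching a file's digests against the report's hashes, and scanning connection records for the C2 endpoint. The IOC values are the report's own; the firewall-style log format and the sample records are constructed assumptions for illustration.

```python
"""Operationalise the extracted RedLine config: hash matching plus C2 log scan.

Added example, not part of the sandbox report. IOC values are copied from the
report; the log format and sample lines below are constructed for illustration.
"""
import hashlib
import re
from pathlib import Path

# Indicators taken verbatim from the report.
C2_HOST = "89.22.231.25"
C2_PORT = 45245
KNOWN_HASHES = {
    "md5": {"c0aedd2f6d3504dd050c1bdf8dd64f03",
            "b52ed515825e5fbbfda4156671ed4a1b"},
    "sha1": {"e00dcda7946e2188f5c6d6f4a9cbb2070ee70030",
             "27ab3d543e909123f5ce1d466793e51c31c7b00e"},
    "sha256": {"358223636fd7971121ce2e7a5de5e5f569f29a412f5b42458a74922f7219ddb3",
               "cea34dcb475cbb1e834f6a212c42627aa0e5071d41a1c64e14fc41807d3764d3"},
}

# Assumed firewall-style record format: "... src=IP:PORT dst=IP:PORT ...".
CONN_RE = re.compile(
    r"src=(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+)\s+"
    r"dst=(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)"
)


def digest_bytes(data: bytes) -> dict:
    """Compute the three digests the report lists, keyed by algorithm name."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def match_known_hashes(digests: dict) -> set:
    """Return the algorithm names whose digest equals one of the report's hashes."""
    return {alg for alg, value in digests.items()
            if value.lower() in KNOWN_HASHES.get(alg, set())}


def check_file(path) -> set:
    """Hash a file on disk and compare it against the report's hashes."""
    return match_known_hashes(digest_bytes(Path(path).read_bytes()))


def scan_log_lines(lines) -> list:
    """Flag connections to the extracted C2.

    An exact ip:port match is high confidence. The same host on another port
    is reported at medium confidence: the config lists a single ip:port, but
    the host itself is still worth a look.
    """
    hits = []
    for number, line in enumerate(lines, start=1):
        m = CONN_RE.search(line)
        if not m or m.group("dst") != C2_HOST:
            continue
        exact = int(m.group("dport")) == C2_PORT
        hits.append({
            "line": number,
            "src": m.group("src"),
            "dst": f'{m.group("dst")}:{m.group("dport")}',
            "confidence": "high" if exact else "medium",
            "reason": ("C2 ip:port from extracted RedLine config" if exact
                       else "C2 host contacted on a port not in the config"),
        })
    return hits


# Constructed sample records (not real traffic).
SAMPLE_LOG = [
    "2024-11-08T12:00:01Z src=10.0.0.15:51234 dst=89.22.231.25:45245 proto=tcp action=allow",
    "2024-11-08T12:00:03Z src=10.0.0.22:49000 dst=142.250.74.46:443 proto=tcp action=allow",
    "2024-11-08T12:00:09Z src=10.0.0.15:51240 dst=89.22.231.25:443 proto=tcp action=allow",
    "2024-11-08T12:00:10Z src=10.0.0.15:51241 dst=89.22.231.250:443 proto=tcp action=allow",
]

if __name__ == "__main__":
    for hit in scan_log_lines(SAMPLE_LOG):
        print(hit)
    # These bytes are not the sample, so no algorithm matches.
    print(match_known_hashes(digest_bytes(b"benign placeholder")))
```

The port is parsed separately from the host so that a neighbouring address such as 89.22.231.250 is not mistaken for the C2, and the hash check compares per algorithm so a single matching digest (for example only SHA256 being available from an EDR event) is still reported.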

Targets

    • Target

      cea34dcb475cbb1e834f6a212c42627aa0e5071d41a1c64e14fc41807d3764d3

    • Size

      277KB

    • MD5

      b52ed515825e5fbbfda4156671ed4a1b

    • SHA1

      27ab3d543e909123f5ce1d466793e51c31c7b00e

    • SHA256

      cea34dcb475cbb1e834f6a212c42627aa0e5071d41a1c64e14fc41807d3764d3

    • SHA512

      7cb0074ef321ab5e453eb24149fabd1362898122ad18a2014018756cbb76a2862a2adccdf1eb948a0bb9269c74b1cbb8e3e6c64ba683c7cebbb24df26af61962

    • SSDEEP

      6144:7V3EqLOq6hd6eEmWCGCC8UbjiKaBO4OX:7V3JLOpWCG+Ubza4pX

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks