redline | 4988699e66e1682e6e6b4ed2eade231227f8d280397e50b6e54f89146ae3316f | Triage

Submit
Reports

Overview

overview

Static

static

3

0047b0e0bd...07.exe

windows7-x64

0047b0e0bd...07.exe

windows10-2004-x64

Sharing

General

Target

4988699e66e1682e6e6b4ed2eade231227f8d280397e50b6e54f89146ae3316f
Size

120KB
Sample

241108-v1s6aswfnl
MD5

06f2cde113fe55f05fd8ecba23f2b7b8
SHA1

2a2183c50f1a7d837c868bb9c09a9d24c3f092d6
SHA256

4988699e66e1682e6e6b4ed2eade231227f8d280397e50b6e54f89146ae3316f
SHA512

0844975b42b5c66d89ef124ff2a85108f2872b9e6ef20c8effde6faba34b8e8d0e70cbf957ec8de833d34ff741b0511e6c0f68eb6a28b5149056c3c59b5b644a
SSDEEP

3072:GvXTEQGWmMfS6SrSaRbWn8XYTzKygLahGoVwRx6W:GbEQGdgJSNRbW8SzXaahRw36W

Score

10^/10

redline pub2 discovery infostealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0047b0e0bda4131d1e4c91bb548422c6f6599e2982df9ed66277316a4b656a07.exe

Resource

win7-20240708-en

redline pub2 discovery infostealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

0047b0e0bda4131d1e4c91bb548422c6f6599e2982df9ed66277316a4b656a07.exe

Resource

win10v2004-20241007-en

redline pub2 discovery infostealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

pub2

C2

89.22.231.25:45245

Attributes

auth_value
ea9464d486a641bb513057e5f63399e1

Targets

- Target
  
  0047b0e0bda4131d1e4c91bb548422c6f6599e2982df9ed66277316a4b656a07
- Size
  
  277KB
- MD5
  
  f717e7160a9bba3b22b9cae24cc3b7ef
- SHA1
  
  0aac7d66fe0bc8944eeff8b8fcaf20a313908b16
- SHA256
  
  0047b0e0bda4131d1e4c91bb548422c6f6599e2982df9ed66277316a4b656a07
- SHA512
  
  844cf23a0d7b852bfdd3ee413a2c3192762d25fab1f49767265ab83eb2c9e1c7dcbfb1e72b32c34dae80a3ad13275d53365f3f7eeb6cd303bfa3ac79daee35a3
- SSDEEP
  
  6144:s1NtyTXVo1Hbj4dUSKCfoo/nDUbs6f7hSJX:s1NtyWCwCfr/Abz1wX
Score

10^/10

redline pub2 discovery infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinepub2discoveryinfostealer

behavioral2

redlinepub2discoveryinfostealer

© 2018-2024

Terms | Privacy