General

  • Target: c6fa67229904c71599a47e4c9fdcca24fdc11eb663462f70257d527a8ee48d2b
  • Size: 183KB
  • Sample: 241109-15gkyswnbk
  • MD5: f0a3a075526b8afbab938b1eed04ad77
  • SHA1: a2a41373c8828c8ab46781f44d2864ece82bd6b2
  • SHA256: c6fa67229904c71599a47e4c9fdcca24fdc11eb663462f70257d527a8ee48d2b
  • SHA512: bede260e8a1176271c5019db316ed92074e4879ecfa5b7dd0820cfab1faf5fd7f70ed7cf75c08ed8444266a153fbec4769437f2472c79d1b16daad672d0d8d2e
  • SSDEEP: 3072:ZK19M7mQX6JvRRsibmw2UzZj9ijc4RN/udVW4SVw/v7m8xtM6HdxcUrBl3CY9+vi:+9u05RJStm9u/u7W4ew/v7m8xdxcUrvz

Malware Config

Extracted

  • Family: redline
  • Botnet: pub2
  • C2: 89.22.231.55:45245
  • Attributes
    • auth_value: ea9464d486a641bb513057e5f63399e1

Targets

    • Target: b3ecf50e232abd59a59b8015ff03f74e4b1285dd65d04ea0053de8bf1fc0b907
    • Size: 397KB
    • MD5: 4463991e4f75a4ac9817c7a7df9f221e
    • SHA1: 6d1d5dae4571bbfe885e3d74999d1e29fc5d785c
    • SHA256: b3ecf50e232abd59a59b8015ff03f74e4b1285dd65d04ea0053de8bf1fc0b907
    • SHA512: b937936b3c1343f614bca64d4f22af33ac533748d5c667f64104567a8aeb5a0f193c7e966666734a08212c6e778e1adea20477c522b03ab1e0171278d11b756c
    • SSDEEP: 6144:D+hp0xIyuQ3QTprP30jUISJTfAOms8p+Rq1/spHFrGKSa:Dip0xIyuQgV9cs8gRwta
    • RedLine
      RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Redline family
    • Uses the VBS compiler for execution
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks