General

  • Target

    8bbfa834978027a253a1b1916db9263e2a31f36dbfebf4c7dd18d6885151d787

  • Size

    120KB

  • Sample

    241109-p6cgvatnez

  • MD5

    c466dab84da4dae2554437035d82f02c

  • SHA1

    b8688d035cd7829d7aa28be3a5a02fa0b414e688

  • SHA256

    8bbfa834978027a253a1b1916db9263e2a31f36dbfebf4c7dd18d6885151d787

  • SHA512

    f3d96d4a831fbe3fc4bf60b9d157229133bac70f54ee52ccc098921feafc2ebfd2e5e5e93b16e6381ca7effea2ff53776f8c674577c41622c9571810f8625d2a

  • SSDEEP

    3072:QWcU1qyJdkw+zxliwFINEQY/4MCsd7zxBFaI1x2MMZMS/:DcU1nrt+zx9FINEQvjE7B2M0MS/

Malware Config

Extracted

  • Family

    redline

  • Botnet

    pub2

  • C2

    89.22.231.25:45245

  • Attributes

    auth_value: ea9464d486a641bb513057e5f63399e1

Targets

    • Target

      ce51452582adb86adebc20985dd43b191a3fc98685fb569937f1e9bad86c0c6b

    • Size

      277KB

    • MD5

      dcd17995073a4178bb6afa347ae75456

    • SHA1

      5f50938fe4b773112486bb03e61fd75a3d2eeb1d

    • SHA256

      ce51452582adb86adebc20985dd43b191a3fc98685fb569937f1e9bad86c0c6b

    • SHA512

      83f494ff036ac4836c01f1947ea9e20afc994b8d70106ee5bc7a2e9ef42132c6ff029d0d982734960f51ee4342260615680ab35baa65376174fe345025ac4f69

    • SSDEEP

      6144:niSAGT+Z6EDT6ezCBU/Z7UTtHnQWlc70lKX:niSAGT+ZYByZ7UTtHntipX

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks