redline | 3bb343bbe6fd5583723716b5c75772bca2300a5f3c3edbcac33641e155096831 | Triage

Submit
Reports

Overview

overview

Static

static

3

b67f79930f...ab.exe

windows7-x64

b67f79930f...ab.exe

windows10-2004-x64

Sharing

General

Target

3bb343bbe6fd5583723716b5c75772bca2300a5f3c3edbcac33641e155096831
Size

160KB
Sample

241109-r9spcawgkg
MD5

257a9392be7b1e3af8928cac870378db
SHA1

5ea71500cdae0c59a52682ffa19369d48dfc0f94
SHA256

3bb343bbe6fd5583723716b5c75772bca2300a5f3c3edbcac33641e155096831
SHA512

51419b230572b7e449c097bf3cd7daaaa98b644aa5db36cdf3c2e79ba0f095d9c575aca57fb3467daddae2b6700fe356d5977ccafffd055ca761effc28afe02e
SSDEEP

3072:NqsWCTiOuMKfdIhAwWXZOUwmjxSMPd5d3STnSfaL654xzb:NqzCGLfq6ZVHjwW9ESfaLouzb

Score

10^/10

redline pub2 discovery infostealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b67f79930f2e931de2c028807e9b4d01fcdb66eae16da58b8f7c5f52fe5018ab.exe

Resource

win7-20240903-en

redline pub2 discovery infostealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

b67f79930f2e931de2c028807e9b4d01fcdb66eae16da58b8f7c5f52fe5018ab.exe

Resource

win10v2004-20241007-en

redline pub2 discovery infostealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

pub2

C2

89.22.231.25:45245

Attributes

auth_value
ea9464d486a641bb513057e5f63399e1

Targets

- Target
  
  b67f79930f2e931de2c028807e9b4d01fcdb66eae16da58b8f7c5f52fe5018ab
- Size
  
  354KB
- MD5
  
  341777567e84e7a1cb56c3f6b96519f9
- SHA1
  
  2ded8b336eebe82bf331dd61b8ac8c7d12963d53
- SHA256
  
  b67f79930f2e931de2c028807e9b4d01fcdb66eae16da58b8f7c5f52fe5018ab
- SHA512
  
  f022eb8bf9e08a2570ab6dc4cb4b89e3272ebfdfb07fbe61e41c68c1b6b71914c8c9b2168f2a0edfed8a573a72ea91e786ce24f4b75b32e4b9e53c8e1c738ec4
- SSDEEP
  
  6144:JIbTupLlr7T0SDe14rx1AO/olnIZixtJO+k9tgcLF5N:Knupq3gtkZkfNF5
Score

10^/10

redline pub2 discovery infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinepub2discoveryinfostealer

behavioral2

redlinepub2discoveryinfostealer

© 2018-2024

Terms | Privacy