General

  • Target: 8bc5115351e08d3215d345cbbc4f57c07e14b9e1165194b8f600ad1d715354f2
  • Size: 161KB
  • Sample: 241109-t6nmbsybll
  • MD5: ec281b6da8890ee5fcd240e87f212006
  • SHA1: cd622d9d0d20b42ce9239ca44f19e38ee4f32cb9
  • SHA256: 8bc5115351e08d3215d345cbbc4f57c07e14b9e1165194b8f600ad1d715354f2
  • SHA512: ef315f09eb9104921034f38a56de61b5d51b4d5f6946af7fa54bf48e60601103955ce4e7432c09801797645423eae4e63c841eb854e3661c474cb01fcba2689a
  • SSDEEP: 3072:M7RW4nyozutISkLn65sRICrMgIGdmo4rfaueUg+pSOVonjzY7k4hsv:M7R+ozuySQ62nbIGdmPrSueUfS1XY7kP

Malware Config

Extracted

Family: redline

Botnet: pub3

C2: 89.22.231.25:45245

Attributes
  • auth_value: ffd0fd0d5630c2c573c643bde2ed50b3

Targets

    • Target: 080312f53754f4fc093cd74796fabbf695eb5cadb0ebab6843d95c756ef4a9af
    • Size: 356KB
    • MD5: acf617f552b7ef416ba21876b417e82e
    • SHA1: cd71a5b60eace4297d37d080658bf6c44e1f7cd1
    • SHA256: 080312f53754f4fc093cd74796fabbf695eb5cadb0ebab6843d95c756ef4a9af
    • SHA512: 64552f61971816bb4c2b0dec8cd9f22b05fdd2a43dc9fd14bcd2b1a351b137883de348f916e481be3809f48cf1d1dd4e71c0311cbcb6149dae5e918306d863c8
    • SSDEEP: 6144:+cSONi55EQmRZ17y4b7AOIHMJBc/R7w3teSgmY+s1Jl:cONi55EQ0J7+fRkdeSgmYj1J
    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Redline family
    • Uses the VBS compiler for execution
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks