General

  • Target

    f528e740f72bf16e3b20a97de46fd16444a99989d2bcd12cdba67749ab26739f

  • Size

    124KB

  • Sample

    241110-fgfnjazekj

  • MD5

    5aa71ec1d2e33413d5530e4b90716ac5

  • SHA1

    9bfcafbcebbce4ffe665635d9caf57eb841abd27

  • SHA256

    f528e740f72bf16e3b20a97de46fd16444a99989d2bcd12cdba67749ab26739f

  • SHA512

    e331d62f99c1fec606802dc13d752f26c4a175133eeb12d292249962c3c0ff04b17c888bd53e319ce8d664fd7d7525a68932df8c88ef8876cad0516877f9fa7d

  • SSDEEP

    3072:nqyr7tSAArTxIbINa5QPHoD7oq9flPmACRmPU8uT/Q:D7SrTeR7JeRoU1T/Q

Malware Config

Extracted

  • Family

    redline

  • Botnet

    pub3

  • C2

    89.22.231.25:45245

  • Attributes

    • auth_value

      ffd0fd0d5630c2c573c643bde2ed50b3

Targets

    • Target

      d248bbdb1c67ed97ee0746c0457392c251e7bd2b8487ab91e2e736830a173521

    • Size

      285KB

    • MD5

      51ca3cbcd6a6838130e5e80ade240007

    • SHA1

      826cc301ab52eebdc586e0602e33063fc0ea5130

    • SHA256

      d248bbdb1c67ed97ee0746c0457392c251e7bd2b8487ab91e2e736830a173521

    • SHA512

      4cb0968618c45344ccd4daa9df4c1f324084422ff416a4d70ffcf4f539903d4c0c2013504d9dc555cf22e0ca4ca5f52ec70dd2bc25f95a038ca1bf343dab008a

    • SSDEEP

      6144:oWd94PYZfJfeB76+rG2BZ7i7aHzzX0HNe/iW0tUjl:oWd94PYRmGuYuHzziYb0tUZ

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks