redline | a3ecc5b6aafbe778ae130f33948beffba5f61d6797d5a6e9e7b778cfa4892e0b | Triage

Submit
Reports

Overview

overview

Static

static

3

f863b2eaaf...f4.exe

windows7-x64

f863b2eaaf...f4.exe

windows10-2004-x64

Sharing

General

Target

a3ecc5b6aafbe778ae130f33948beffba5f61d6797d5a6e9e7b778cfa4892e0b
Size

180KB
Sample

241110-n95r5awfkk
MD5

4020fc62b5095747d935a455d0c98d7f
SHA1

879dcac6fac27cff0b0c43b9a1ec448bcb4416ee
SHA256

a3ecc5b6aafbe778ae130f33948beffba5f61d6797d5a6e9e7b778cfa4892e0b
SHA512

33978fc98771f5b6287fc82c7572f88f506cfacad3ff8a77239e8ec9f552c5828df0ff308b4b0de516929b8b0c8f48281113d70229fd429eb3e242b316ba9bf1
SSDEEP

3072:BrMCzEJNxWOJbmQwYV6dstScl9rayVEWzEH6r1kKpLc0Dm:Brz4Ikfw7mrayVEWzES1/pY0Dm

Score

10^/10

redline 11 discovery infostealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f863b2eaafe78bd61faf02eda91f00fafe397b7accd0817f03ce68a355d625f4.exe

Resource

win7-20241010-en

redline 11 discovery infostealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

f863b2eaafe78bd61faf02eda91f00fafe397b7accd0817f03ce68a355d625f4.exe

Resource

win10v2004-20241007-en

redline 11 discovery infostealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

11

C2

79.137.202.18:45218

Attributes

auth_value
107e09eee63158d2488feb03dac75204

Targets

- Target
  
  f863b2eaafe78bd61faf02eda91f00fafe397b7accd0817f03ce68a355d625f4
- Size
  
  386KB
- MD5
  
  70d95ececad9aebf59ef9598eec18995
- SHA1
  
  f800e90809fe75cb933e7cfe4ac20d959c199e1c
- SHA256
  
  f863b2eaafe78bd61faf02eda91f00fafe397b7accd0817f03ce68a355d625f4
- SHA512
  
  91c87e83e2c10d9ef55b17c02641540e0a31a0152050c7b1f672c961f0ed0e30215215eb14f22193471107a23f117ab7012771f48b232ed8e3e90d2e53513ee7
- SSDEEP
  
  6144:vRQUMd4UvkL5kDhOM232DeAODGU0dSrTLMA6zJaAjgl:vRRMyUvkLk2Rvo6MAv/l
Score

10^/10

redline 11 discovery infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline11discoveryinfostealer

behavioral2

redline11discoveryinfostealer

© 2018-2024

Terms | Privacy