redline | 5e387190afed7e3a77f3a72f0ce729597dd21a3f8e16665a33e88adfda028746 | Triage

Sharing

General

Target

b1e3fbeac537a0fe33a57e2a044c2db0ea986ab5
Size

490KB
Sample

241111-ane3pa1pdk
MD5

b6b82d98553e85c4d2555dede4559292
SHA1

b1e3fbeac537a0fe33a57e2a044c2db0ea986ab5
SHA256

5e387190afed7e3a77f3a72f0ce729597dd21a3f8e16665a33e88adfda028746
SHA512

b42c1813910fde7cab8dd30aaae9187b31cec1ea91dc41cf94d3c501a0621695663a3d71c2cba7380ec66738af6e6c03ffb9329c7f59fb9a21a984c78d06c54f
SSDEEP

12288:XT6gtlEkX/gMFQXuhjXSuBAvvkSPzx5prI3v:X2Sl3lQXSjXSuGsSPNI3v

Score

10^/10

redline ccleaner discovery infostealer

Malware Config

Extracted

Family

redline

Botnet

ccleaner

C2

142.202.242.179:40626

Attributes

auth_value
4fc600a6c139b489353d2f56194ec554

Targets

- Target
  
  b1e3fbeac537a0fe33a57e2a044c2db0ea986ab5
- Size
  
  490KB
- MD5
  
  b6b82d98553e85c4d2555dede4559292
- SHA1
  
  b1e3fbeac537a0fe33a57e2a044c2db0ea986ab5
- SHA256
  
  5e387190afed7e3a77f3a72f0ce729597dd21a3f8e16665a33e88adfda028746
- SHA512
  
  b42c1813910fde7cab8dd30aaae9187b31cec1ea91dc41cf94d3c501a0621695663a3d71c2cba7380ec66738af6e6c03ffb9329c7f59fb9a21a984c78d06c54f
- SSDEEP
  
  12288:XT6gtlEkX/gMFQXuhjXSuBAvvkSPzx5prI3v:X2Sl3lQXSjXSuGsSPNI3v
Score

10^/10

redline ccleaner discovery infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Redline family
  redline
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineccleanerdiscoveryinfostealer

behavioral2

redlineccleanerinfostealer