redline | 8b9d8318c4e967c3e80657d9e558be7d226b1e09498beaa99e41c3f47ae4dac2 | Triage

Submit
Reports

Overview

overview

Static

static

3

0047b0e0bd...07.exe

windows7-x64

0047b0e0bd...07.exe

windows10-2004-x64

Sharing

General

Target

8b9d8318c4e967c3e80657d9e558be7d226b1e09498beaa99e41c3f47ae4dac2
Size

120KB
Sample

241111-b89ngazcpq
MD5

09cf8f93b904738abaee85b990edd17d
SHA1

8d9d5f76077da75b69b510854c74f00524463537
SHA256

8b9d8318c4e967c3e80657d9e558be7d226b1e09498beaa99e41c3f47ae4dac2
SHA512

fff1784e5fafce36abd38ceb60c74b27d54ecb31a17f7464da99595a22b20f5207d9b8f8bb3177a3dd702bf0ecde3c0283d6bb32047348b4cdbcab26372d2f5d
SSDEEP

3072:XvXTEQGWmMfS6SrSaRbWn8XYTzKygLahGoVwRx6x:XbEQGdgJSNRbW8SzXaahRw36x

Score

10^/10

redline pub2 discovery infostealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0047b0e0bda4131d1e4c91bb548422c6f6599e2982df9ed66277316a4b656a07.exe

Resource

win7-20240903-en

redline pub2 discovery infostealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

0047b0e0bda4131d1e4c91bb548422c6f6599e2982df9ed66277316a4b656a07.exe

Resource

win10v2004-20241007-en

redline pub2 discovery infostealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

pub2

C2

89.22.231.25:45245

Attributes

auth_value
ea9464d486a641bb513057e5f63399e1

Targets

- Target
  
  0047b0e0bda4131d1e4c91bb548422c6f6599e2982df9ed66277316a4b656a07
- Size
  
  277KB
- MD5
  
  f717e7160a9bba3b22b9cae24cc3b7ef
- SHA1
  
  0aac7d66fe0bc8944eeff8b8fcaf20a313908b16
- SHA256
  
  0047b0e0bda4131d1e4c91bb548422c6f6599e2982df9ed66277316a4b656a07
- SHA512
  
  844cf23a0d7b852bfdd3ee413a2c3192762d25fab1f49767265ab83eb2c9e1c7dcbfb1e72b32c34dae80a3ad13275d53365f3f7eeb6cd303bfa3ac79daee35a3
- SSDEEP
  
  6144:s1NtyTXVo1Hbj4dUSKCfoo/nDUbs6f7hSJX:s1NtyWCwCfr/Abz1wX
Score

10^/10

redline pub2 discovery infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinepub2discoveryinfostealer

behavioral2

redlinepub2discoveryinfostealer

© 2018-2024

Terms | Privacy