redline | a63b37d9592cda82d3f14761c40c2504b86c97b1b73714613e7ddae4cae76250 | Triage

Sharing

General

Target

a6e5c89402956d3b3d56ab8af16cac21
Size

1.1MB
Sample

241111-cg9d3ayrhx
MD5

a6e5c89402956d3b3d56ab8af16cac21
SHA1

281f91ae3460451e50563648d594e3536c113597
SHA256

a63b37d9592cda82d3f14761c40c2504b86c97b1b73714613e7ddae4cae76250
SHA512

b5e0b28fe63b4ecea0e047df6efa1aa07cdc7e748991511d17eaf536a9d4be6d8bdf11c168c050fcaed6334959cf41b973dc286c9065b000660ffdab97f817df
SSDEEP

24576:JUrUJ8cE4tW+a6+VpgTQtcOifguab0Bez5hw0J2g7szPab+lU:JUrEEgW64kJ/guaQotGfVzdU

Score

10^/10

redline @sanchekkkkk discovery infostealer

Malware Config

Extracted

Family

redline

Botnet

@Sanchekkkkk

C2

79.137.192.20:7466

Attributes

auth_value
10817a38e602b1d9bb93ced603d37fc5

Targets

- Target
  
  Pet Simulator X Script.exe
- Size
  
  758KB
- MD5
  
  eb68007f98e6233778be7d51aa6a8d76
- SHA1
  
  93fcf86feb6bf6deba1247f606e860150a890eb4
- SHA256
  
  ef90e1b5c7d89fbd00a92fa416311c8bc8416f4ae2eeabb1203b8f63b999336b
- SHA512
  
  78a2d1aa42d33769f78a8cf7dd1874917b51678f20992c290f32c8c1a1877cb405182c79abe3d761d0f34eaf94f77bf1c3b7c578c82a79860d5d39c1b0866a7d
- SSDEEP
  
  12288:efzxOMMYiNboPON2Cf/tUdCEinvCTORP2fG7vl7OuEXi2X8CWjarZE7mvTKqZW5a:efzxTMYiNbTlEinvUORP2fo7zCWjsK74
Score

10^/10

redline @sanchekkkkk discovery infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  Update Script.exe
- Size
  
  2.6MB
- MD5
  
  9ccbfc90de4e19383e1b236e2e659f75
- SHA1
  
  81bdcb475210ff4731ce0e0b3239b497f9f70015
- SHA256
  
  82a4239f459b3569ad8c4e608e38c520b5c50ffb5dec97034c3924e594662c39
- SHA512
  
  56d7825804c4439ef42b1f473d9fcc758aa089c3a35cb38728a128e3509f2c210a711e80087e31b18ca28ec0f5a208e061aae15e778edd48049af34fc76d9d8e
- SSDEEP
  
  24576:CVwd9AvyVIp6i5+GOUYMY3XdyA1Mm/9s4dl41lLH9zgMPZYRDkTEuLl8UN3jl3Rw:CVwd9AKVIp64+rmT8mZYJkTEurBl3a
Score

10^/10

redline @sanchekkkkk discovery infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline@sanchekkkkkdiscoveryinfostealer

behavioral2

redline@sanchekkkkkdiscoveryinfostealer

behavioral3

redline@sanchekkkkkdiscoveryinfostealer

behavioral4

redline@sanchekkkkkdiscoveryinfostealer