General

  • Target: 5c36d722e8c6155199dc83ce999aa5c26b3bd1c060f160f5abfe1e334e215b7f
  • Size: 120KB
  • Sample: 241111-frq71sxjek
  • MD5: d7a8088044f20d6cb0794b78fa9bb6d8
  • SHA1: 3b71f8e63222686128595115381cef349661383e
  • SHA256: 5c36d722e8c6155199dc83ce999aa5c26b3bd1c060f160f5abfe1e334e215b7f
  • SHA512: c3c097d4512cd615c5acb0232883083a7d2f745e0d228c5e51e89ddf96fc803341cbda4d654a318aa02a3298e2b451b17366be139f0a323d8e90c827b41ddd82
  • SSDEEP: 3072:oyKdYh0OV5wGxHiNj6f46HL+Lrjyh/8VX:C00OmNOHCL/yt+X

Malware Config

Extracted

  • Family: redline
  • Botnet: pub2
  • C2: 89.22.231.25:45245
  • Attributes
    • auth_value: ea9464d486a641bb513057e5f63399e1

Targets

    • Target: ce51452582adb86adebc20985dd43b191a3fc98685fb569937f1e9bad86c0c6b.exe
    • Size: 277KB
    • MD5: dcd17995073a4178bb6afa347ae75456
    • SHA1: 5f50938fe4b773112486bb03e61fd75a3d2eeb1d
    • SHA256: ce51452582adb86adebc20985dd43b191a3fc98685fb569937f1e9bad86c0c6b
    • SHA512: 83f494ff036ac4836c01f1947ea9e20afc994b8d70106ee5bc7a2e9ef42132c6ff029d0d982734960f51ee4342260615680ab35baa65376174fe345025ac4f69
    • SSDEEP: 6144:niSAGT+Z6EDT6ezCBU/Z7UTtHnQWlc70lKX:niSAGT+ZYByZ7UTtHntipX
    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Redline family
    • Uses the VBS compiler for execution
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks