redline | d3f7cb3de3822efc9adac2b898bae8078bdea2806b97a02260c5f10a47647460 | Triage

Sharing

General

Target

launchеr-pс.zip
Size

30.0MB
Sample

241127-y4swgsvnan
MD5

7814873eb175159cdecb6c6276737e2e
SHA1

ed4fa5112d9092b654c0bc4639ede789f2071636
SHA256

d3f7cb3de3822efc9adac2b898bae8078bdea2806b97a02260c5f10a47647460
SHA512

b02604c9311ed85923bc6d53ad1dd9ec6c93a8c4600986156042c9d7fbce5517a8d4157aa779450f1b8ed67fb75dd34a697eddec09ee25bb641d8d53db132aa9
SSDEEP

786432:u3/cI91oBjJm7QaC6v72bQgVR6uNliUqMAV7sDpE8l5:u3kIL1RCiq0gnpNCVItz

Score

10^/10

redline @miromistin0 discovery infostealer

Malware Config

Extracted

Family

redline

Botnet

@miromistin0

C2

94.142.138.4:80

Attributes

auth_value
2ee380277e944675703ad248459af8c3

Targets

- Target
  
  launchеr-pс.zip
- Size
  
  30.0MB
- MD5
  
  7814873eb175159cdecb6c6276737e2e
- SHA1
  
  ed4fa5112d9092b654c0bc4639ede789f2071636
- SHA256
  
  d3f7cb3de3822efc9adac2b898bae8078bdea2806b97a02260c5f10a47647460
- SHA512
  
  b02604c9311ed85923bc6d53ad1dd9ec6c93a8c4600986156042c9d7fbce5517a8d4157aa779450f1b8ed67fb75dd34a697eddec09ee25bb641d8d53db132aa9
- SSDEEP
  
  786432:u3/cI91oBjJm7QaC6v72bQgVR6uNliUqMAV7sDpE8l5:u3kIL1RCiq0gnpNCVItz
Score

10^/10

discovery redline @miromistin0 infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

redline@miromistin0discoveryinfostealer