redline | bd948aeb2b607b34e8d32f22b9e5aee402057adebae4a2e0c70bd666e688f1f8 | Triage

Resubmissions

17-01-2025 15:11

250117-sk4kzssrhv 10

17-01-2025 15:09

250117-sjgd3asrbs 10

17-01-2025 15:07

250117-shlbmasqgv 10

17-01-2025 14:27

250117-rsndas1pgx 10

16-01-2025 17:37

250116-v7e71s1ncy 10

16-01-2025 17:30

250116-v27eba1lew 10

16-01-2025 17:29

250116-v232ws1let 3

16-01-2025 17:29

250116-v21lrs1ldz 3

16-01-2025 17:27

250116-v1g32a1qfk 10

16-01-2025 09:47

250116-lsajjsvrgn 10

Sharing

General

Target

4363463463464363463463463.exe.zip
Size

4KB
Sample

250117-sjgd3asrbs
MD5

7b2b0ccc6317a6becadaf5e02311202e
SHA1

ccad99b8fad61369101e068f0c3a5bec9cfa309f
SHA256

bd948aeb2b607b34e8d32f22b9e5aee402057adebae4a2e0c70bd666e688f1f8
SHA512

b7af04ee0792d2a13ffd7013e7c5f98cf037f06f8597e4f3261af04252137483ff7fcb7db28c60a543f130ac65307cd1c7a831c2267fa78a91f9acdcc535744a
SSDEEP

96:ALOzCoGgabugh2Yu8fjMIsSv3JGHUrD5gf2jxkS7xQIKWV7YNgGptaT+YaL:ALObGgabf88jgcxR1NWIXWgGpo74

Score

10^/10

redline stealc voov3 discovery infostealer stealer

Malware Config

Extracted

Family

stealc

Botnet

Voov3

C2

http://154.216.17.90

Attributes

url_path
/a48146f6763ef3af.php

Targets

- Target
  
  4363463463464363463463463.exe.bin
- Size
  
  10KB
- MD5
  
  2a94f3960c58c6e70826495f76d00b85
- SHA1
  
  e2a1a5641295f5ebf01a37ac1c170ac0814bb71a
- SHA256
  
  2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce
- SHA512
  
  fbf55b55fcfb12eb8c029562956229208b9e8e2591859d6336c28a590c92a4d0f7033a77c46ef6ebe07ddfca353aba1e84b51907cd774beab148ee901c92d62f
- SSDEEP
  
  192:xlwayyHOXGc20L7BIW12n/ePSjiTlzkGu8stYcFwVc03KY:xlwwHe/20PKn/cLTlHuptYcFwVc03K
Score

10^/10

redline stealc voov3 discovery infostealer stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Stealc family
  stealc
- Downloads MZ/PE file
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

redlinestealcvoov3discoveryinfostealerstealer