redline | ed1784d50e3da5daa8178094fcee1fa9c0e5509bf1e77d0acf6f1cf11dd44fff | Triage

Sharing

General

Target

Setup.exe
Size

7.2MB
Sample

250311-yypxmsvtax
MD5

691de5f672de4897dfbd2e54418dc587
SHA1

a63cb199ef02798caa326ed80412dc2ec0bed5ad
SHA256

ed1784d50e3da5daa8178094fcee1fa9c0e5509bf1e77d0acf6f1cf11dd44fff
SHA512

15d830e16e8a7bfedc1f94934bbeb44a21e8ae7a0e62daf7fbf6a5385aa69d9dba62113fa7ccfac916832fe1bdfda55a84358c1a01e3db03dc86175ed2be1a76
SSDEEP

98304:i8ZwIQDCfn6ujDo5XrTuE3/P23ULzv5ZaG4nQm+:i8ZwXDCftoBrTu++gzho4

Score

10^/10

redline 1 discovery infostealer

Malware Config

Extracted

Family

redline

Botnet

1

C2

193.233.132.32:38976

Targets

- Target
  
  Setup.exe
- Size
  
  7.2MB
- MD5
  
  691de5f672de4897dfbd2e54418dc587
- SHA1
  
  a63cb199ef02798caa326ed80412dc2ec0bed5ad
- SHA256
  
  ed1784d50e3da5daa8178094fcee1fa9c0e5509bf1e77d0acf6f1cf11dd44fff
- SHA512
  
  15d830e16e8a7bfedc1f94934bbeb44a21e8ae7a0e62daf7fbf6a5385aa69d9dba62113fa7ccfac916832fe1bdfda55a84358c1a01e3db03dc86175ed2be1a76
- SSDEEP
  
  98304:i8ZwIQDCfn6ujDo5XrTuE3/P23ULzv5ZaG4nQm+:i8ZwXDCftoBrTu++gzho4
Score

10^/10

redline 1 discovery infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline1discoveryinfostealer

behavioral2

redline1discoveryinfostealer