General

  • Target: 18fd0471029adc5a608cc7c442a97f3a.exe
  • Size: 355KB
  • Sample: 240701-bjxyda1gld
  • MD5: 18fd0471029adc5a608cc7c442a97f3a
  • SHA1: 74854bda1aa3e60c3b6f58e8f77882ac7f958486
  • SHA256: 1e92e176dd94bb165b9ac9a391ed84ad473ae69a44139d2f9765dd56974cee0d
  • SHA512: 9cc462178cf8b63b27de90998c3a8cc722cec0bbde604e66482510c3888a78b1e869b4d3e7195c3361bb7fce43392c204c5b760948afd3bbddd6ee225bb61e00
  • SSDEEP: 6144:MM/FgKFH4ZtKyKtHFrO/ODMruf29AYlxJzZfPkcdeyO9U/PRdygA/g3/FGXIqNPo:MI/FutKyQli/3rtT5zPdeyO9U/PRdygE

Malware Config

Extracted

  • Family: redline
  • Botnet: @MarsSellers12
  • C2: 94.228.166.68:80

Targets

    • Target: 18fd0471029adc5a608cc7c442a97f3a.exe
    • Size: 355KB
    • MD5: 18fd0471029adc5a608cc7c442a97f3a
    • SHA1: 74854bda1aa3e60c3b6f58e8f77882ac7f958486
    • SHA256: 1e92e176dd94bb165b9ac9a391ed84ad473ae69a44139d2f9765dd56974cee0d
    • SHA512: 9cc462178cf8b63b27de90998c3a8cc722cec0bbde604e66482510c3888a78b1e869b4d3e7195c3361bb7fce43392c204c5b760948afd3bbddd6ee225bb61e00
    • SSDEEP: 6144:MM/FgKFH4ZtKyKtHFrO/ODMruf29AYlxJzZfPkcdeyO9U/PRdygA/g3/FGXIqNPo:MI/FutKyQli/3rtT5zPdeyO9U/PRdygE

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
