redline | ac77a1b2a864a90a510537b096cdd499b2fa4695fb8112e9e2f1d200ec4a8c12 | Triage

Submit
Reports

Overview

overview

Static

static

bf8cd12acb...18.exe

windows7-x64

8

bf8cd12acb...18.exe

windows10-2004-x64

Sharing

General

Target

bf8cd12acb64e52f34387ade85b0fb18.exe
Size

965KB
Sample

221025-wmtqcadddr
MD5

bf8cd12acb64e52f34387ade85b0fb18
SHA1

e538eba64d5134636fb14abf0bd4580b2d9b13ca
SHA256

ac77a1b2a864a90a510537b096cdd499b2fa4695fb8112e9e2f1d200ec4a8c12
SHA512

b05530161f35e6c462516ff0584210a63e34748987f1aba2566f54ac9b27e4985577e239d45eddce6286067a3436d0741f4fc88eb5f393668d9446a25ba561f4
SSDEEP

24576:G53uhFbHKXdz66otpMa0pVYMfDE849CNlJSk3Pnzu:G5+hFWtzRGpMdL9fDE849CN/Skfzu

Score

10^/10

redline 0808-ab infostealer

Static task

static1

Behavioral task

behavioral1

Sample

bf8cd12acb64e52f34387ade85b0fb18.exe

Resource

win7-20220812-en

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

bf8cd12acb64e52f34387ade85b0fb18.exe

Resource

win10v2004-20220812-en

redline 0808-ab infostealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

0808-ab

C2

144.202.95.227:80

Targets

- Target
  
  bf8cd12acb64e52f34387ade85b0fb18.exe
- Size
  
  965KB
- MD5
  
  bf8cd12acb64e52f34387ade85b0fb18
- SHA1
  
  e538eba64d5134636fb14abf0bd4580b2d9b13ca
- SHA256
  
  ac77a1b2a864a90a510537b096cdd499b2fa4695fb8112e9e2f1d200ec4a8c12
- SHA512
  
  b05530161f35e6c462516ff0584210a63e34748987f1aba2566f54ac9b27e4985577e239d45eddce6286067a3436d0741f4fc88eb5f393668d9446a25ba561f4
- SSDEEP
  
  24576:G53uhFbHKXdz66otpMa0pVYMfDE849CNlJSk3Pnzu:G5+hFWtzRGpMdL9fDE849CN/Skfzu
Score

10^/10

redline 0808-ab infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

redline0808-abinfostealer

© 2018-2025

Terms | Privacy