redline | cff5f168c026352b47b2ca04d17608b2856a07e1854216fe20cafdf755a7bde9 | Triage

Sharing

General

Target

cff5f168c026352b47b2ca04d17608b2856a07e1854216fe20cafdf755a7bde9
Size

2.5MB
Sample

221101-nesjbaccdj
MD5

b960f22a874611d236936a6b70c02001
SHA1

332ba6c2d43d5c747c2238618e13e5f7b7a4018f
SHA256

cff5f168c026352b47b2ca04d17608b2856a07e1854216fe20cafdf755a7bde9
SHA512

0f922cfc867d333530bc9f372b3c4f46e685690a0956db8ccbf48727f9762fd7aa49b43f5b8c42a63f99e9790a8020bf9cd23dc08622a5c66406e85c80f2b1f9
SSDEEP

24576:XmR/pCYqHbYTYUoY9PSGMKDd4lYQ3TveiCOKU/hsNpgJLk+Hbl3RuQ55313Q:Xm5Vqw9IevO5/hs3gJnl3u

Score

10^/10

redline infostealer

Malware Config

Extracted

Family

redline

C2

194.26.229.212:47495

Attributes

auth_value
4ecb8f70a78c110cf5e92deaf5855f22

Targets

- Target
  
  cff5f168c026352b47b2ca04d17608b2856a07e1854216fe20cafdf755a7bde9
- Size
  
  2.5MB
- MD5
  
  b960f22a874611d236936a6b70c02001
- SHA1
  
  332ba6c2d43d5c747c2238618e13e5f7b7a4018f
- SHA256
  
  cff5f168c026352b47b2ca04d17608b2856a07e1854216fe20cafdf755a7bde9
- SHA512
  
  0f922cfc867d333530bc9f372b3c4f46e685690a0956db8ccbf48727f9762fd7aa49b43f5b8c42a63f99e9790a8020bf9cd23dc08622a5c66406e85c80f2b1f9
- SSDEEP
  
  24576:XmR/pCYqHbYTYUoY9PSGMKDd4lYQ3TveiCOKU/hsNpgJLk+Hbl3RuQ55313Q:Xm5Vqw9IevO5/hs3gJnl3u
Score

10^/10

redline infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

redlineinfostealer

behavioral2

redlineinfostealer