redline | 0dbe2f4c9fb1df2da8f350a6b100051a9870c507893306e438a5043440515cf3 | Triage

Sharing

General

Target

Apocalypse-beta 0.25.rar
Size

1.2MB
Sample

221201-qg979aeg3z
MD5

370403f360bc7d156a61d98f0f1a8312
SHA1

17d399f79d34b179e206ea763af4a8f5c69cc1f1
SHA256

0dbe2f4c9fb1df2da8f350a6b100051a9870c507893306e438a5043440515cf3
SHA512

b29a07dd1ef799d0ac2215a3b9cfb4684f1477fed28a79d07620c4a52d166dc4c2b5b145e35576944f0b8e367474f846e5cfcdefeef48d307865cf54f738aa35
SSDEEP

24576:n7LKXMV7JS8fV7FDmYrSjTqOKvFoFDqS3wIZfrVHyNZDXNbyYXD:7GXU7c47FDmYrI5DqS3VB4jNND

Score

10^/10

redline almv infostealer

Malware Config

Extracted

Family

redline

Botnet

almv

C2

79.137.199.206:45354

Attributes

auth_value
76c2a356a8839fd8b4eaf48948178a8a

Targets

- Target
  
  ALMV Launcher.exe
- Size
  
  742.6MB
- MD5
  
  8cddcf405a72b2d981532e1d3e17699f
- SHA1
  
  f7bfb31a2c1bf54f7ef880239056b1856630d664
- SHA256
  
  859185aee0c38ff110e5f3db1540ad2652e9169ebb96bdf4c9712687e6221371
- SHA512
  
  0574f3d8949a8b0699559ff94ce78d186506b01e1332075d55860e0db2ee9a051e0ae9e7af2481866061d5cdc0ea2d47633c34089e16da66dd430490bb8312ca
- SSDEEP
  
  12288:7TFXGNy0issp5HNisIMCpzXoeU7WS86Og5MGdaUjbIh9/sWr:fxbssp5H1IMCpTo+KX
Score

10^/10

redline almv infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  amd_ags_x64.dll
- Size
  
  41KB
- MD5
  
  00d9c1f1485c9c965c53f1aa5448412b
- SHA1
  
  c071f40ea7f534daa4bded2b0755b7a2cd72dae5
- SHA256
  
  298b40fb70c142cc61135a125ff6c2a2e474526b9a7045102666a9434e84f459
- SHA512
  
  60227c729d08e958039acc8290b33cb338a414bbd6a1d9592d8188bfef07786dff8717cb7ad74d991c0c0a7476fec637d114be6a9beec2e8976dca9aad530016
- SSDEEP
  
  768:gUbBwQVwW2Wqn4p5hjufZbVa/MECPdAqTzUVGIM/o/:guYW2gp5hExEMAqTgVGo
Score

3^/10
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

redlinealmvinfostealer

behavioral3

behavioral4