redline | 6199dea22769be27718efc834dac97781ded77e3fc4e0eceb281016e73a61c8c | Triage

Sharing

General

Target

3769516d37fcc4a870aee040c22dfc81.exe
Size

1.1MB
Sample

230328-g14p5shc78
MD5

3769516d37fcc4a870aee040c22dfc81
SHA1

25a0ed1117b7288a8d86cd725a1ddfdfc3aae859
SHA256

6199dea22769be27718efc834dac97781ded77e3fc4e0eceb281016e73a61c8c
SHA512

3ce2f74dbb1e22b80568610db338f0ad4cc492ddbc7c88e7176c2f77f89944d2b6e48c6e904b3a05278febe4325d038869e6384efa11b7669206c7d728235058
SSDEEP

6144:F+/ljQhToWxUIvq7w1MLBkZEAO7x8Lk+POSHe8dXvLx/pIW4:Fij0ToWx/vRE78tPOSHVXbIW4

Score

10^/10

redline work infostealer

Malware Config

Extracted

Family

redline

Botnet

work

C2

45.15.156.16:26932

Attributes

auth_value
c6dce2931c493277148280fea6cc6080

Targets

- Target
  
  3769516d37fcc4a870aee040c22dfc81.exe
- Size
  
  1.1MB
- MD5
  
  3769516d37fcc4a870aee040c22dfc81
- SHA1
  
  25a0ed1117b7288a8d86cd725a1ddfdfc3aae859
- SHA256
  
  6199dea22769be27718efc834dac97781ded77e3fc4e0eceb281016e73a61c8c
- SHA512
  
  3ce2f74dbb1e22b80568610db338f0ad4cc492ddbc7c88e7176c2f77f89944d2b6e48c6e904b3a05278febe4325d038869e6384efa11b7669206c7d728235058
- SSDEEP
  
  6144:F+/ljQhToWxUIvq7w1MLBkZEAO7x8Lk+POSHe8dXvLx/pIW4:Fij0ToWx/vRE78tPOSHVXbIW4
Score

10^/10

redline work infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

redlineworkinfostealer

behavioral2

redlineworkinfostealer