redline | cfd8c5858672a0d8f87a53aa380b37ecebda7d820eb8fc6b206a5e3e5bb87d2f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

85a73281f86c557b5d7330b3533698cb.bin
Size

158KB
Sample

230331-b3axysgb97
MD5

942d36b4c6afe95d670e5871c61c3349
SHA1

253e13e8306079ccec7ad0c4c169ff591a6ba5e4
SHA256

cfd8c5858672a0d8f87a53aa380b37ecebda7d820eb8fc6b206a5e3e5bb87d2f
SHA512

4747b4b1dc74f9e1906118c5cd4c35e0fa690cf51665f8cf9f9f8a8b132c51806c723f4ba6bc7ff6a6a776696f578ecdc2f03f30576903a012f731b84797705d
SSDEEP

3072:Xg/gAu/JR5mHOBGoqk7WNs9kvs1SGP6GkwS8vXNEj12qywb6MuGTrlfT:XJAQJR5KOBGjWWNs9Ms/1rS8fNM1BFfB

Score

10^/10

redline infostealer

Malware Config

Extracted

Family

redline

C2

135.181.173.163:4324

Attributes

auth_value
a909e2aaecf96137978fea4f86400b9b

Targets

- Target
  
  8c31d335d28c85187d41ee61b85415cc5061af469029c0b1a0fb711adf858a5e.exe
- Size
  
  302KB
- MD5
  
  85a73281f86c557b5d7330b3533698cb
- SHA1
  
  9850b6078042aa96daf47025c19a964324b2601d
- SHA256
  
  8c31d335d28c85187d41ee61b85415cc5061af469029c0b1a0fb711adf858a5e
- SHA512
  
  3ad8535fd5b339834aac121ff3ab12fbfbbc4b6efa17beea88b463f47efe33a6e08561d30b1db17eb672493c7b2de83fd3e6bf1d9265d82ec214356c65382f06
- SSDEEP
  
  6144:ouIhna8PEQyYXHZ8OWtF5wCUaZkftl7KbjKgAmEoNgJ:o/nxEQyYJrEf2AkftwjKgE++
Score

10^/10

redline infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

redlineinfostealer

behavioral2

redlineinfostealer