redline | 0f9234052fb917566646a172326c46b0c4c55e4de5e8e8e0435452dc2aa8859d | Triage

Sharing

General

Target

0f9234052fb917566646a172326c46b0c4c55e4de5e8e8e0435452dc2aa8859d.exe
Size

361KB
Sample

230405-m5vwpadf74
MD5

401e0f6386734e34132480cd471e129c
SHA1

53812d392907a0b3583b62e849e80b3498c37092
SHA256

0f9234052fb917566646a172326c46b0c4c55e4de5e8e8e0435452dc2aa8859d
SHA512

ac2e5ad8f82e01c3bea3d9e47dc11b0265d5d03b7875c0a3f3edf76c6ff060a98f2ca9c655cef8ddccc3b7cd3de676cc7aedc270a887f822fd6c7ec1bae5f5d7
SSDEEP

6144:yYNzvLnjAwAgwobtV2s7cfi58CRYKB2jt/Y/ryL0JpPixWAixWAixWAixWAi4f3j:ywyAV2VKZPBsg+L0JpPixWAixWAixWAC

Score

10^/10

redline @qkies_new infostealer

Malware Config

Extracted

Family

redline

Botnet

@qkies_new

C2

185.106.93.132:800

Attributes

auth_value
aa79a3e21b835d99b68bdcd94f0b0962

Targets

- Target
  
  0f9234052fb917566646a172326c46b0c4c55e4de5e8e8e0435452dc2aa8859d.exe
- Size
  
  361KB
- MD5
  
  401e0f6386734e34132480cd471e129c
- SHA1
  
  53812d392907a0b3583b62e849e80b3498c37092
- SHA256
  
  0f9234052fb917566646a172326c46b0c4c55e4de5e8e8e0435452dc2aa8859d
- SHA512
  
  ac2e5ad8f82e01c3bea3d9e47dc11b0265d5d03b7875c0a3f3edf76c6ff060a98f2ca9c655cef8ddccc3b7cd3de676cc7aedc270a887f822fd6c7ec1bae5f5d7
- SSDEEP
  
  6144:yYNzvLnjAwAgwobtV2s7cfi58CRYKB2jt/Y/ryL0JpPixWAixWAixWAixWAi4f3j:ywyAV2VKZPBsg+L0JpPixWAixWAixWAC
Score

10^/10

redline @qkies_new infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

redline@qkies_newinfostealer

behavioral2

redline@qkies_newinfostealer