redline | 25502cd9907336216d2733d966787f67c47a6ea07a7895a4fa9f26e9206dd0e7 | Triage

Sharing

General

Target

25502cd9907336216d2733d966787f67c47a6ea07a7895a4fa9f26e9206dd0e7
Size

699KB
Sample

240319-xgcejsbf82
MD5

c6f4ffde851054ec2871e72833cd9d59
SHA1

e688103c4fa3ca815732f0f70f37d11f69232e04
SHA256

25502cd9907336216d2733d966787f67c47a6ea07a7895a4fa9f26e9206dd0e7
SHA512

47264796515d6ef559b9f33f68011230ba242f5edfc47ea28cc1f788930a6e42f42c7c2963bf727ab67e86e859ae877a139af91dd0e7e95581a69888ad192fe4
SSDEEP

12288:bzcNWKoGVk6ax2GqvIWa5t6rsKjovt4E+P81XX2y5CNjyg6O:sL3+7x2I/KjM0P81XXVMegZ

Score

10^/10

redline fud infostealer

Malware Config

Extracted

Family

redline

Botnet

fud

C2

45.15.156.7:48638

Attributes

auth_value
da2faefdcf53c9d85fcbb82d0cbf4876

Targets

- Target
  
  25502cd9907336216d2733d966787f67c47a6ea07a7895a4fa9f26e9206dd0e7
- Size
  
  699KB
- MD5
  
  c6f4ffde851054ec2871e72833cd9d59
- SHA1
  
  e688103c4fa3ca815732f0f70f37d11f69232e04
- SHA256
  
  25502cd9907336216d2733d966787f67c47a6ea07a7895a4fa9f26e9206dd0e7
- SHA512
  
  47264796515d6ef559b9f33f68011230ba242f5edfc47ea28cc1f788930a6e42f42c7c2963bf727ab67e86e859ae877a139af91dd0e7e95581a69888ad192fe4
- SSDEEP
  
  12288:bzcNWKoGVk6ax2GqvIWa5t6rsKjovt4E+P81XX2y5CNjyg6O:sL3+7x2I/KjM0P81XXVMegZ
Score

10^/10

redline fud infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redlinefudinfostealer

behavioral2

redlinefudinfostealer