redline | 904a84d6703e7310a7d7b5cc3cf5468595b5919570738acc8e42b074f97d7111 | Triage

Sharing

General

Target

3f48a4f8768ee6eb34db5f70f49a5aa5c5c29dfc
Size

1.9MB
Sample

241110-1gr2sawajj
MD5

489f36c0732c7f75ac600cb70b4a7539
SHA1

3f48a4f8768ee6eb34db5f70f49a5aa5c5c29dfc
SHA256

904a84d6703e7310a7d7b5cc3cf5468595b5919570738acc8e42b074f97d7111
SHA512

0b163b99fd45c7d159be387a0b14b00860b018515db5a91bb347dd4d5e25946762f79185bede45a3b3804990fe17ed01b7d2ce39d1881fda7de8c70821a2d369
SSDEEP

49152:e06m7NpA0GNJ/lU+zJwZjvjcpT+gDEvTqb8Td/pP6F:eA7UJ/5zGZjvjcQgGqYJ

Score

10^/10

redline @merlinholy discovery infostealer

Malware Config

Extracted

Family

redline

Botnet

@merlinholy

C2

185.189.167.123:37360

Attributes

auth_value
9c36b63cccb3eade62bdc17519c7bd37

Targets

- Target
  
  3f48a4f8768ee6eb34db5f70f49a5aa5c5c29dfc
- Size
  
  1.9MB
- MD5
  
  489f36c0732c7f75ac600cb70b4a7539
- SHA1
  
  3f48a4f8768ee6eb34db5f70f49a5aa5c5c29dfc
- SHA256
  
  904a84d6703e7310a7d7b5cc3cf5468595b5919570738acc8e42b074f97d7111
- SHA512
  
  0b163b99fd45c7d159be387a0b14b00860b018515db5a91bb347dd4d5e25946762f79185bede45a3b3804990fe17ed01b7d2ce39d1881fda7de8c70821a2d369
- SSDEEP
  
  49152:e06m7NpA0GNJ/lU+zJwZjvjcpT+gDEvTqb8Td/pP6F:eA7UJ/5zGZjvjcQgGqYJ
Score

10^/10

redline @merlinholy discovery infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

redline@merlinholydiscoveryinfostealer