redline | 9300729c932ecd63e9459ea12eccca095de7269fe14b525a52e25f09d3f8f6af | Triage

Sharing

General

Target

9300729c932ecd63e9459ea12eccca095de7269fe14b525a52e25f09d3f8f6af
Size

1.9MB
Sample

241111-bbb1yayjgw
MD5

1fe4763e551f589ccdfd95c1c76f26b1
SHA1

1af61e74f0f9150ff39e7e373c3babeef85d7f7e
SHA256

9300729c932ecd63e9459ea12eccca095de7269fe14b525a52e25f09d3f8f6af
SHA512

39d5aa945580557a814c495d55d7b6b9553196d1fd23194d3bedcb9bab747f9ef55892c6bbbcedb3031329c706103dd1187ad28454b9b630d19db05302f4b119
SSDEEP

49152:e06m7NpA0GNJ/lU+zJwZjvjcpT+gDEvTqb8Td/pP6F:eA7UJ/5zGZjvjcQgGqYJ

Score

10^/10

redline @merlinholy discovery infostealer

Malware Config

Extracted

Family

redline

Botnet

@merlinholy

C2

185.189.167.123:37360

Attributes

auth_value
9c36b63cccb3eade62bdc17519c7bd37

Targets

- Target
  
  9300729c932ecd63e9459ea12eccca095de7269fe14b525a52e25f09d3f8f6af
- Size
  
  1.9MB
- MD5
  
  1fe4763e551f589ccdfd95c1c76f26b1
- SHA1
  
  1af61e74f0f9150ff39e7e373c3babeef85d7f7e
- SHA256
  
  9300729c932ecd63e9459ea12eccca095de7269fe14b525a52e25f09d3f8f6af
- SHA512
  
  39d5aa945580557a814c495d55d7b6b9553196d1fd23194d3bedcb9bab747f9ef55892c6bbbcedb3031329c706103dd1187ad28454b9b630d19db05302f4b119
- SSDEEP
  
  49152:e06m7NpA0GNJ/lU+zJwZjvjcpT+gDEvTqb8Td/pP6F:eA7UJ/5zGZjvjcQgGqYJ
Score

10^/10

redline @merlinholy discovery infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

redline@merlinholydiscoveryinfostealer