redline | 989079c4efa222424d97d1e0e763defcdba4c0e83aaf06cbe31b71f7e38afb71 | Triage

Sharing

General

Target

71d9e1a060b59e293a2e098444b63221
Size

294KB
Sample

241111-c85vys1erg
MD5

71d9e1a060b59e293a2e098444b63221
SHA1

5fde17a9e0b83c7e994bfa433eabd821f7589528
SHA256

989079c4efa222424d97d1e0e763defcdba4c0e83aaf06cbe31b71f7e38afb71
SHA512

11fa8b09b2cb68d48d9d54d592a4a60d86801df173ab5eafc0b1f28c26efb6c3b4b5257188d98ce1a758d25bb8645a0909ffe13fc86c2cd529d2710cd32200a6
SSDEEP

6144:iWgfoGFED9pK4gzrAOcWKEXdklSzMkfn5:iZfoGFEmqWKEXSDQn

Score

10^/10

redline 9-5 discovery infostealer

Malware Config

Extracted

Family

redline

Botnet

9-5

C2

139.99.32.83:43199

Attributes

auth_value
637de2b47f42d9cc7912f71cb6b57b5b

Targets

- Target
  
  71d9e1a060b59e293a2e098444b63221
- Size
  
  294KB
- MD5
  
  71d9e1a060b59e293a2e098444b63221
- SHA1
  
  5fde17a9e0b83c7e994bfa433eabd821f7589528
- SHA256
  
  989079c4efa222424d97d1e0e763defcdba4c0e83aaf06cbe31b71f7e38afb71
- SHA512
  
  11fa8b09b2cb68d48d9d54d592a4a60d86801df173ab5eafc0b1f28c26efb6c3b4b5257188d98ce1a758d25bb8645a0909ffe13fc86c2cd529d2710cd32200a6
- SSDEEP
  
  6144:iWgfoGFED9pK4gzrAOcWKEXdklSzMkfn5:iZfoGFEmqWKEXSDQn
Score

10^/10

redline 9-5 discovery infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

redline9-5discoveryinfostealer