redline | bfc71ec4fe1f69a5717a59b03cba871481dd19d4994b8a5606bbc9a949fefdbf | Triage

Sharing

General

Target

bfc71ec4fe1f69a5717a59b03cba871481dd19d4994b8a5606bbc9a949fefdbf
Size

1.9MB
Sample

241111-cqb5xszkcy
MD5

46c25ba18cdddaea601b3d54bee2b689
SHA1

8b9aa9bb9932e1d2b729f172330ed305a636c6e1
SHA256

bfc71ec4fe1f69a5717a59b03cba871481dd19d4994b8a5606bbc9a949fefdbf
SHA512

0015afc65318e2df8c070b61d9ae1e105b5d3d7599dbb4b46823c7175d9549ea175fb9dbfdb84c1bcbe73dedc29c35038f57c5195c5e279a3832066d9268d19d
SSDEEP

49152:e06m7NpA0GNJ/lU+zJwZjvjcpT+gDEvTqb8Td/pP6F:eA7UJ/5zGZjvjcQgGqYJ

Score

10^/10

redline @merlinholy discovery infostealer

Malware Config

Extracted

Family

redline

Botnet

@merlinholy

C2

185.189.167.123:37360

Attributes

auth_value
9c36b63cccb3eade62bdc17519c7bd37

Targets

- Target
  
  bfc71ec4fe1f69a5717a59b03cba871481dd19d4994b8a5606bbc9a949fefdbf
- Size
  
  1.9MB
- MD5
  
  46c25ba18cdddaea601b3d54bee2b689
- SHA1
  
  8b9aa9bb9932e1d2b729f172330ed305a636c6e1
- SHA256
  
  bfc71ec4fe1f69a5717a59b03cba871481dd19d4994b8a5606bbc9a949fefdbf
- SHA512
  
  0015afc65318e2df8c070b61d9ae1e105b5d3d7599dbb4b46823c7175d9549ea175fb9dbfdb84c1bcbe73dedc29c35038f57c5195c5e279a3832066d9268d19d
- SSDEEP
  
  49152:e06m7NpA0GNJ/lU+zJwZjvjcpT+gDEvTqb8Td/pP6F:eA7UJ/5zGZjvjcQgGqYJ
Score

10^/10

redline @merlinholy discovery infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

redline@merlinholydiscoveryinfostealer