redline | f755fcaa03d47b3a0066b086b32a5f4acfb6fbe7205c3f084500d2bed603dee2 | Triage

Submit
Reports

Overview

overview

Static

static

3

f755fcaa03...e2.exe

windows7-x64

f755fcaa03...e2.exe

windows10-2004-x64

Sharing

General

Target

f755fcaa03d47b3a0066b086b32a5f4acfb6fbe7205c3f084500d2bed603dee2.exe
Size

386KB
Sample

241122-mqfs8ayphv
MD5

5dd353806b2a7c0488ad283521d3a617
SHA1

46139cee8aa5649d4ba2ac6f7fe1e8d515462b58
SHA256

f755fcaa03d47b3a0066b086b32a5f4acfb6fbe7205c3f084500d2bed603dee2
SHA512

1ebd178c5c86d2faa88d96db2da20c093112bbff1479b3cf55c6a0c9a95cf55c87cbcf3316f02f013ddfa6d9319b210a654c04164ce336f43662a906b0196a00
SSDEEP

12288:G/I169Esn3uaHsxoMsA/XCgcIs4MEOGJ/iI9LJdDEYE2:G19E9Dz

Score

10^/10

redline james222 discovery infostealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f755fcaa03d47b3a0066b086b32a5f4acfb6fbe7205c3f084500d2bed603dee2.exe

Resource

win7-20240903-en

redline james222 discovery infostealer

windows7-x64

6 signatures

120 seconds

Behavioral task

behavioral2

Sample

f755fcaa03d47b3a0066b086b32a5f4acfb6fbe7205c3f084500d2bed603dee2.exe

Resource

win10v2004-20241007-en

redline james222 discovery infostealer

windows10-2004-x64

6 signatures

120 seconds

Malware Config

Extracted

Family

redline

Botnet

james222

C2

135.181.129.119:4805

Attributes

auth_value
b69102cdbd4afe2d3159f88fb6dac731

Targets

- Target
  
  f755fcaa03d47b3a0066b086b32a5f4acfb6fbe7205c3f084500d2bed603dee2.exe
- Size
  
  386KB
- MD5
  
  5dd353806b2a7c0488ad283521d3a617
- SHA1
  
  46139cee8aa5649d4ba2ac6f7fe1e8d515462b58
- SHA256
  
  f755fcaa03d47b3a0066b086b32a5f4acfb6fbe7205c3f084500d2bed603dee2
- SHA512
  
  1ebd178c5c86d2faa88d96db2da20c093112bbff1479b3cf55c6a0c9a95cf55c87cbcf3316f02f013ddfa6d9319b210a654c04164ce336f43662a906b0196a00
- SSDEEP
  
  12288:G/I169Esn3uaHsxoMsA/XCgcIs4MEOGJ/iI9LJdDEYE2:G19E9Dz
Score

10^/10

redline james222 discovery infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinejames222discoveryinfostealer

behavioral2

redlinejames222discoveryinfostealer

© 2018-2024

Terms | Privacy