redline | 9f226243336a6c2150017ca7faa116f9bcb7cb694acc470e3fa1e2cfedba5d8e | Triage

Submit
Reports

Overview

overview

Static

static

1

9f22624333...8e.exe

windows7-x64

9f22624333...8e.exe

windows10-2004-x64

Sharing

General

Target

9f226243336a6c2150017ca7faa116f9bcb7cb694acc470e3fa1e2cfedba5d8e.exe
Size

4.3MB
Sample

241219-d25r2swjdw
MD5

e6a13f9bc436e5044cf60bec98de08ce
SHA1

0431ccb9dc9a11fd5cdf7d4c6d06690fa63a06c4
SHA256

9f226243336a6c2150017ca7faa116f9bcb7cb694acc470e3fa1e2cfedba5d8e
SHA512

42ffb0c7921d0b11adef6a8629182fdee50063cdbb01b24b7cfcf7d9f8b656a4b3acbdfa2d8746dc19314437cec5f196cd15f839d003423baf17012f41e9df48
SSDEEP

49152:Dkeyje0el3LoloP8msaSDVX9u6kX2wVtIyA9v5Ody8bbbW6AsrfkMx:DJfl8llvaqVX2VtlAD0ssLH

Score

10^/10

redline am discovery infostealer

Static task

static1

Behavioral task

behavioral1

Sample

9f226243336a6c2150017ca7faa116f9bcb7cb694acc470e3fa1e2cfedba5d8e.exe

Resource

win7-20240903-en

redline am discovery infostealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

9f226243336a6c2150017ca7faa116f9bcb7cb694acc470e3fa1e2cfedba5d8e.exe

Resource

win10v2004-20241007-en

redline am discovery infostealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

am

C2

185.215.113.25:13686

Targets

- Target
  
  9f226243336a6c2150017ca7faa116f9bcb7cb694acc470e3fa1e2cfedba5d8e.exe
- Size
  
  4.3MB
- MD5
  
  e6a13f9bc436e5044cf60bec98de08ce
- SHA1
  
  0431ccb9dc9a11fd5cdf7d4c6d06690fa63a06c4
- SHA256
  
  9f226243336a6c2150017ca7faa116f9bcb7cb694acc470e3fa1e2cfedba5d8e
- SHA512
  
  42ffb0c7921d0b11adef6a8629182fdee50063cdbb01b24b7cfcf7d9f8b656a4b3acbdfa2d8746dc19314437cec5f196cd15f839d003423baf17012f41e9df48
- SSDEEP
  
  49152:Dkeyje0el3LoloP8msaSDVX9u6kX2wVtIyA9v5Ody8bbbW6AsrfkMx:DJfl8llvaqVX2VtlAD0ssLH
Score

10^/10

redline am discovery infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineamdiscoveryinfostealer

behavioral2

redlineamdiscoveryinfostealer

© 2018-2025

Terms | Privacy