redline | 40ba3fecbb83d20040de0ebba581d3874aaabc7f831d767afd846120a693d4bb | Triage

Submit
Reports

Overview

overview

Static

static

1

JaffaCakes...bb.exe

windows7-x64

JaffaCakes...bb.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_40ba3fecbb83d20040de0ebba581d3874aaabc7f831d767afd846120a693d4bb
Size

788.0MB
Sample

241221-1v95hs1kbx
MD5

4b5aac23177e4025904694536bfdffbf
SHA1

0712b3545a92eea6173b5244ed56438ff391775e
SHA256

40ba3fecbb83d20040de0ebba581d3874aaabc7f831d767afd846120a693d4bb
SHA512

397f54fc4ab75fc2424844dd4c672e01a62c350e0d8e72ea178da92ee3684f7de27fdc8576064aadc87a45beb6afd9d0bd7f4073422d49c1068e44db611a416b
SSDEEP

3145728:K/VEoseAyU5iFSWLTtsB6zrZDIXQKs9ePv:K/VEbeAyUoFSWLyqlDlKs9ePv

Score

10^/10

redline @mossad_rat2 discovery infostealer

Static task

static1

Behavioral task

behavioral1

Sample

JaffaCakes118_40ba3fecbb83d20040de0ebba581d3874aaabc7f831d767afd846120a693d4bb.exe

Resource

win7-20240903-en

redline @mossad_rat2 discovery infostealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_40ba3fecbb83d20040de0ebba581d3874aaabc7f831d767afd846120a693d4bb.exe

Resource

win10v2004-20241007-en

redline @mossad_rat2 discovery infostealer

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

@mossad_rat2

C2

94.142.138.191:2369

Attributes

auth_value
9c14ebaa47bb822162e82a6441198c73

Targets

- Target
  
  JaffaCakes118_40ba3fecbb83d20040de0ebba581d3874aaabc7f831d767afd846120a693d4bb
- Size
  
  788.0MB
- MD5
  
  4b5aac23177e4025904694536bfdffbf
- SHA1
  
  0712b3545a92eea6173b5244ed56438ff391775e
- SHA256
  
  40ba3fecbb83d20040de0ebba581d3874aaabc7f831d767afd846120a693d4bb
- SHA512
  
  397f54fc4ab75fc2424844dd4c672e01a62c350e0d8e72ea178da92ee3684f7de27fdc8576064aadc87a45beb6afd9d0bd7f4073422d49c1068e44db611a416b
- SSDEEP
  
  3145728:K/VEoseAyU5iFSWLTtsB6zrZDIXQKs9ePv:K/VEbeAyUoFSWLyqlDlKs9ePv
Score

10^/10

redline @mossad_rat2 discovery infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline@mossad_rat2discoveryinfostealer

behavioral2

redline@mossad_rat2discoveryinfostealer

© 2018-2024

Terms | Privacy