redline | c846bb3066d8cb098f741f44b609b014faca34bf69cd5b920406926a1307b529 | Triage

Submit
Reports

Overview

overview

Static

static

7

JaffaCakes...29.exe

windows7-x64

JaffaCakes...29.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_c846bb3066d8cb098f741f44b609b014faca34bf69cd5b920406926a1307b529
Size

815.4MB
Sample

241229-frqlgstkh1
MD5

1b89f41b2fa715e21f2385a22b395bad
SHA1

deffcc2ac68533033e4ff2a339b23bac8897cb11
SHA256

c846bb3066d8cb098f741f44b609b014faca34bf69cd5b920406926a1307b529
SHA512

7b3cd4ba85cf34d8f6298ad9b6e660026c14fa98a3776c11c907637dd1a1cc5277dfad5bfef1402920d21aba04e74c63518d40c2b522beac74b77c851780e9c2
SSDEEP

196608:LN3GV20tTo7C+q90iR2raEsBJdJKzK9ZmBu4lGKDVP:LBGw0to7xq9pR7nxklz1

Score

10^/10

redline @trenori discovery infostealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_c846bb3066d8cb098f741f44b609b014faca34bf69cd5b920406926a1307b529.exe

Resource

win7-20240903-en

redline @trenori discovery infostealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_c846bb3066d8cb098f741f44b609b014faca34bf69cd5b920406926a1307b529.exe

Resource

win10v2004-20241007-en

redline @trenori discovery infostealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

@trenori

C2

82.115.223.46:57672

Attributes

auth_value
2501431a8c3ad285c2c38c8c52a8ea09

Targets

- Target
  
  JaffaCakes118_c846bb3066d8cb098f741f44b609b014faca34bf69cd5b920406926a1307b529
- Size
  
  815.4MB
- MD5
  
  1b89f41b2fa715e21f2385a22b395bad
- SHA1
  
  deffcc2ac68533033e4ff2a339b23bac8897cb11
- SHA256
  
  c846bb3066d8cb098f741f44b609b014faca34bf69cd5b920406926a1307b529
- SHA512
  
  7b3cd4ba85cf34d8f6298ad9b6e660026c14fa98a3776c11c907637dd1a1cc5277dfad5bfef1402920d21aba04e74c63518d40c2b522beac74b77c851780e9c2
- SSDEEP
  
  196608:LN3GV20tTo7C+q90iR2raEsBJdJKzK9ZmBu4lGKDVP:LBGw0to7xq9pR7nxklz1
Score

10^/10

redline @trenori discovery infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline@trenoridiscoveryinfostealer

behavioral2

redline@trenoridiscoveryinfostealer

© 2018-2025

Terms | Privacy