redline | f765257cc7efcfebc26c83910e8e21ce3207c832ed150a3c595bf8597236fcba | Triage

Sharing

General

Target

JaffaCakes118_acf9d298548298c750994ff5c6799fc3c6650dd1826c426bba6dcb8d71bfc4fe
Size

783KB
Sample

241229-nvq1es1jgv
MD5

760fd2355ddb07141feb06017ff011f1
SHA1

c640b2a9acb7186011adc001019e9ff81c44a8c1
SHA256

f765257cc7efcfebc26c83910e8e21ce3207c832ed150a3c595bf8597236fcba
SHA512

404273e598513109c6d9864482a6be948c0f090639e89f7a988e08b1eb483617243701dc83c504c501feb58645f4b1b9f2410c064da55efdc12e0eb775de0faf
SSDEEP

24576:j60qb31Y3qQNENOJSIgGQUwyFppf2ggOkz:jZqb31PQNj1b5wEgggOkz

Score

10^/10

redline discovery infostealer

Malware Config

Extracted

Family

redline

C2

45.155.204.124:23180

Attributes

auth_value
cd29bcf359b92be30552286f1ae0cfa3

Targets

- Target
  
  Setup/DirectX2D.dll
- Size
  
  74KB
- MD5
  
  8007e86641d16e884bf59012f5ba6e21
- SHA1
  
  6ef0792bb5262bdd890ec0547cc4b882f1ec732c
- SHA256
  
  71c6dc21f24ac87f16a0ecac17bb2fa135962af2df7c8dae8e2e3cd669ddde8d
- SHA512
  
  3bedd9c7786eb882bc1b2225e8bff51447cf7a8de541757a49f2390212025662cc4b9b3afa225d5732f8f48e5dedc82346fd4d88bb4df4b33fbefbfb56179c2a
- SSDEEP
  
  1536:N9rxMjLwEdysf5Oxcb7+9CTSj5vcvwLQb5kk9khkgxDg9nHxLghp:swE1cu7+9CTW5UvkQbeLxDgFk
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  Setup/Serilog.dll
- Size
  
  125KB
- MD5
  
  181f3e3d0c509566283156816eb317ca
- SHA1
  
  400debdd4fb9ae24719157132a87c4bfeff7fa6c
- SHA256
  
  db0a4c4a21a1ba0937d1c22095c2b0702422efd4c7a41aaa577608288a2e69fc
- SHA512
  
  039d5a0013d6f0e916a86baa95452d79d4524f5c83b913170daa73e1333b2d424c0d9a74193e71ede3a0866b778781c57993806baa08833d11df825626e6d667
- SSDEEP
  
  3072:6obKO7RaoWuUeZk/f0Sh1HlWZm1ZZTdyGFkNUMT+P65jDt:bbKKz1UeZk/Phv8lDuPa
Score

1^/10
behavioral3 behavioral4
- Target
  
  Setup/Setup.exe
- Size
  
  715.6MB
- MD5
  
  51a73f99875a45e7f917a9767504e10a
- SHA1
  
  67092a465898e364823eceb58b78d42aa732896c
- SHA256
  
  acf9d298548298c750994ff5c6799fc3c6650dd1826c426bba6dcb8d71bfc4fe
- SHA512
  
  5bd29fb25e9844888cfa2d22b08fd47e77a2e71302affc045e0b13f46dc43be0b8b776bb6a855ea6d92394738edd897886ea9c803e1358425561679eef9d8bd5
- SSDEEP
  
  6144:eOa7aZIBhvK5VpCNjXXnKwrKEAO8WD0IKhYh3wXs+Jd8GD6t:eONZIBhU+frXmhUXGDa
Score

10^/10

redline discovery infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Suspicious use of SetThreadContext
behavioral5 behavioral6
- Target
  
  Setup/SevenZip.dll
- Size
  
  49KB
- MD5
  
  11eb138db53f5896f3cf95144d04132a
- SHA1
  
  204fd914b84630366c3a656254f39a99a884d8d4
- SHA256
  
  f80c92ce064a19d514cdaaf1838244f203c188462d26119df7b408291d68f8b8
- SHA512
  
  da60124b8c95e6bc7d123def35e61041f567df57401737ad3fdaeef12140d2a6410eedf6cd29889f401cae4cff7b6c0bdd71507b2885e06cb39d75da42bd63d5
- SSDEEP
  
  1536:Pyl9DERHUxDiJrVPpO+KeH8Ie1sGvLq4WMn:Kl9DGHUxDiJrRcIcsYV
Score

1^/10
behavioral7 behavioral8
- Target
  
  Setup/d2game.dll
- Size
  
  976KB
- MD5
  
  b6dde6f8a1b88fe4aae962064a6f5271
- SHA1
  
  177543d5128191e4eabeabd4e99041ff4d193652
- SHA256
  
  a9f8f9c014a760b568212c99f17f2c1b4e0e4d6082f9971d04bd3250fa931927
- SHA512
  
  8c28819c5fc8c449b1ca6b395ff35deb099a44f857be35323347834c3285c87d65067b547eb6dead26183a06499f0324445103f03ca35935a2016e2e0af09115
- SSDEEP
  
  24576:2jveAn9tcCk5sYGKbqKmKVHIhMkVdyfcoET3qU/1+:2R9tcCEsd69GoAc
Score

3^/10

discovery
behavioral10 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

redlinediscoveryinfostealer

behavioral7

behavioral8

behavioral9

behavioral10