redline | a66eb9a28cee5f79ab9233ba536c4e48b2323b3f0b2904f9565c8a83e4d313fe | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...72.exe

windows7-x64

JaffaCakes...72.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_50e1a9dfd735a8a2dcd03a5d8ba11559bea36872
Size

664.0MB
Sample

241230-aez2ha1ncl
MD5

56a9cc556873746b9aa24690021cc630
SHA1

50e1a9dfd735a8a2dcd03a5d8ba11559bea36872
SHA256

a66eb9a28cee5f79ab9233ba536c4e48b2323b3f0b2904f9565c8a83e4d313fe
SHA512

53f3f9546bdea23825f903743137754c01f3aa37a91d14c7da23200ff58e04f9895492ff1da97e870f55484f1c498c5844fca7b2e85922256ce5a6489eff37e0
SSDEEP

3072:QRcEDUghRlg0eeG7XLTWz5M/eKhSxRRa4ukJu8B0hVm4gMJGIVPDeCkyRNo5:K4Co0MrLTMM/XF4psnbHJXeCkuNC

Score

10^/10

redline 2037366459_99 discovery infostealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_50e1a9dfd735a8a2dcd03a5d8ba11559bea36872.exe

Resource

win7-20241010-en

redline 2037366459_99 discovery infostealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_50e1a9dfd735a8a2dcd03a5d8ba11559bea36872.exe

Resource

win10v2004-20241007-en

redline 2037366459_99 discovery infostealer

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

2037366459_99

C2

nordforest.xyz:28786

bayrak.top:28786

Attributes

auth_value
8c31b24fae1af8d4bdd38c8b8dffd2f5

Targets

- Target
  
  JaffaCakes118_50e1a9dfd735a8a2dcd03a5d8ba11559bea36872
- Size
  
  664.0MB
- MD5
  
  56a9cc556873746b9aa24690021cc630
- SHA1
  
  50e1a9dfd735a8a2dcd03a5d8ba11559bea36872
- SHA256
  
  a66eb9a28cee5f79ab9233ba536c4e48b2323b3f0b2904f9565c8a83e4d313fe
- SHA512
  
  53f3f9546bdea23825f903743137754c01f3aa37a91d14c7da23200ff58e04f9895492ff1da97e870f55484f1c498c5844fca7b2e85922256ce5a6489eff37e0
- SSDEEP
  
  3072:QRcEDUghRlg0eeG7XLTWz5M/eKhSxRRa4ukJu8B0hVm4gMJGIVPDeCkyRNo5:K4Co0MrLTMM/XF4psnbHJXeCkuNC
Score

10^/10

redline 2037366459_99 discovery infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline2037366459_99discoveryinfostealer

behavioral2

redline2037366459_99discoveryinfostealer

© 2018-2025

Terms | Privacy