redline | a5424b26b1d591329fdd2e9f870f9e1b3651abddd96235d786b65bb5399b16e6 | Triage

Sharing

General

Target

JaffaCakes118_a5424b26b1d591329fdd2e9f870f9e1b3651abddd96235d786b65bb5399b16e6
Size

688.0MB
Sample

241230-amhges1pbv
MD5

716477304f7ae4fc4f735dd67998d473
SHA1

485c09e07c431886f4e84ce0233c9540e13679e2
SHA256

a5424b26b1d591329fdd2e9f870f9e1b3651abddd96235d786b65bb5399b16e6
SHA512

7c8e957817d8851c6747753b19c866d0fef3c0d275f371cd50c5e64c96ccabd7284dff28591a51781f00a1b4f51f83c844b313ba2594c73c8cc571107cd25eb2
SSDEEP

6144:bXYtXJPajizlDQwyuDEOpOvAOM/68qlCl8t+OJd21R9PERlpT0/M:bXYtXUiWCmlCVZPEW/

Score

10^/10

redline discovery infostealer

Malware Config

Extracted

Family

redline

C2

193.247.144.64:6526

Attributes

auth_value
741160259faee60393efceac354d0421

Targets

- Target
  
  JaffaCakes118_a5424b26b1d591329fdd2e9f870f9e1b3651abddd96235d786b65bb5399b16e6
- Size
  
  688.0MB
- MD5
  
  716477304f7ae4fc4f735dd67998d473
- SHA1
  
  485c09e07c431886f4e84ce0233c9540e13679e2
- SHA256
  
  a5424b26b1d591329fdd2e9f870f9e1b3651abddd96235d786b65bb5399b16e6
- SHA512
  
  7c8e957817d8851c6747753b19c866d0fef3c0d275f371cd50c5e64c96ccabd7284dff28591a51781f00a1b4f51f83c844b313ba2594c73c8cc571107cd25eb2
- SSDEEP
  
  6144:bXYtXJPajizlDQwyuDEOpOvAOM/68qlCl8t+OJd21R9PERlpT0/M:bXYtXUiWCmlCVZPEW/
Score

10^/10

redline discovery infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Redline family
  redline
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinediscoveryinfostealer

behavioral2

redlinediscoveryinfostealer