redline | 5532f3699b01676915cc083ea7fcc3d5bd5b1bf0299a15ea67d0970d26ba4231 | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...47.exe

windows7-x64

JaffaCakes...47.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_4e58efca0bde915039a18b545e4b5d47
Size

382KB
Sample

250101-khk2vssndp
MD5

4e58efca0bde915039a18b545e4b5d47
SHA1

b79f5ad49c5074c902babd13b44985bf07a6a8b9
SHA256

5532f3699b01676915cc083ea7fcc3d5bd5b1bf0299a15ea67d0970d26ba4231
SHA512

28174222e30bc064142db5ac15d2012bab34df9f9d28d5ceca5bf785e6ccdc06c911f141557604b5162a3799b10ac5088bc90858893f4837e3c3daaff74fad0d
SSDEEP

6144:t8hS1XX5zUMAUVa8UaO23q/YkUv/BnBX1oz0E+Z:eE1XX5YMAUVa8UaO23q/pUv/BnBX6z0N

Score

10^/10

redline jameshook discovery infostealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_4e58efca0bde915039a18b545e4b5d47.exe

Resource

win7-20241010-en

redline jameshook discovery infostealer

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_4e58efca0bde915039a18b545e4b5d47.exe

Resource

win10v2004-20241007-en

redline jameshook discovery infostealer

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

jameshook

C2

135.181.129.119:4805

Attributes

auth_value
b69102cdbd4afe2d3159f88fb6dac731

Targets

- Target
  
  JaffaCakes118_4e58efca0bde915039a18b545e4b5d47
- Size
  
  382KB
- MD5
  
  4e58efca0bde915039a18b545e4b5d47
- SHA1
  
  b79f5ad49c5074c902babd13b44985bf07a6a8b9
- SHA256
  
  5532f3699b01676915cc083ea7fcc3d5bd5b1bf0299a15ea67d0970d26ba4231
- SHA512
  
  28174222e30bc064142db5ac15d2012bab34df9f9d28d5ceca5bf785e6ccdc06c911f141557604b5162a3799b10ac5088bc90858893f4837e3c3daaff74fad0d
- SSDEEP
  
  6144:t8hS1XX5zUMAUVa8UaO23q/YkUv/BnBX1oz0E+Z:eE1XX5YMAUVa8UaO23q/pUv/BnBX6z0N
Score

10^/10

redline jameshook discovery infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinejameshookdiscoveryinfostealer

behavioral2

redlinejameshookdiscoveryinfostealer

© 2018-2025

Terms | Privacy