redline | 4b0d4dae40a44aeed7aa5c1acc2cf54d1acc9c4593e157e3efe6b60de9a7f7b5 | Triage

Sharing

General

Target

4b0d4dae40a44aeed7aa5c1acc2cf54d1acc9c4593e157e3efe6b60de9a7f7b5N.exe
Size

526KB
Sample

250104-vj93gszqhn
MD5

0d92927376ac651ea5b05583fc1cbb10
SHA1

22976bf43ebdf851673632604133e00368edacf5
SHA256

4b0d4dae40a44aeed7aa5c1acc2cf54d1acc9c4593e157e3efe6b60de9a7f7b5
SHA512

8cd5542646be28bf51e22f5aaf4b4fdf3f47c8c2d26a2d31490337322fd14fe2b7816dbd070cd37cccab6f500c598ff54126672d776c0b5646a58e0601e88ccd
SSDEEP

6144:BhH+UYRgj0ZeGQowcinJxgxSsUNokSUovqPebiVQgufAvn3/jjBazsfJV/r5a4eF:MZeGbiPGiVy+hfv/r5nePQQ

Score

10^/10

redline discovery infostealer

Malware Config

Extracted

Family

redline

C2

185.196.9.26:6302

Targets

- Target
  
  4b0d4dae40a44aeed7aa5c1acc2cf54d1acc9c4593e157e3efe6b60de9a7f7b5N.exe
- Size
  
  526KB
- MD5
  
  0d92927376ac651ea5b05583fc1cbb10
- SHA1
  
  22976bf43ebdf851673632604133e00368edacf5
- SHA256
  
  4b0d4dae40a44aeed7aa5c1acc2cf54d1acc9c4593e157e3efe6b60de9a7f7b5
- SHA512
  
  8cd5542646be28bf51e22f5aaf4b4fdf3f47c8c2d26a2d31490337322fd14fe2b7816dbd070cd37cccab6f500c598ff54126672d776c0b5646a58e0601e88ccd
- SSDEEP
  
  6144:BhH+UYRgj0ZeGQowcinJxgxSsUNokSUovqPebiVQgufAvn3/jjBazsfJV/r5a4eF:MZeGbiPGiVy+hfv/r5nePQQ
Score

10^/10

discovery redline infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

redlinediscoveryinfostealer