redline | c063b15b658dc5eec8a2db41186787d7ae9e55cab27dd199300423d78ef670fd | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...30.exe

windows7-x64

JaffaCakes...30.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_197ef45c604fe013ce01b1578476fc30
Size

4.6MB
Sample

250106-khdmsatrbk
MD5

197ef45c604fe013ce01b1578476fc30
SHA1

31a0d3d434599acb177e8c11d4a1121c978477e4
SHA256

c063b15b658dc5eec8a2db41186787d7ae9e55cab27dd199300423d78ef670fd
SHA512

4dfd55032b48f5d4cd52d7963d37a9a355cf79f9a40a617925b47a411abac871f525fa4650101b05c047431e4f2c53e90ff1bc01502de24e0b4b4d95e51fbec7
SSDEEP

98304:ULQ3NTjpEZgubqwZoB2vjjl/AWyKoDaF/x/yYZKB2+3F5cafZZ5M6mCZPwBKju:59rubi2LjKWvASxybc+1DZ591BYK

Score

10^/10

redline @f0lser discovery infostealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_197ef45c604fe013ce01b1578476fc30.exe

Resource

win7-20240903-en

redline @f0lser discovery infostealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_197ef45c604fe013ce01b1578476fc30.exe

Resource

win10v2004-20241007-en

redline @f0lser discovery infostealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

@F0lser

C2

5.188.118.163:80

Attributes

auth_value
9bde7608ef33d6cbd8c01687cdd53196

Targets

- Target
  
  JaffaCakes118_197ef45c604fe013ce01b1578476fc30
- Size
  
  4.6MB
- MD5
  
  197ef45c604fe013ce01b1578476fc30
- SHA1
  
  31a0d3d434599acb177e8c11d4a1121c978477e4
- SHA256
  
  c063b15b658dc5eec8a2db41186787d7ae9e55cab27dd199300423d78ef670fd
- SHA512
  
  4dfd55032b48f5d4cd52d7963d37a9a355cf79f9a40a617925b47a411abac871f525fa4650101b05c047431e4f2c53e90ff1bc01502de24e0b4b4d95e51fbec7
- SSDEEP
  
  98304:ULQ3NTjpEZgubqwZoB2vjjl/AWyKoDaF/x/yYZKB2+3F5cafZZ5M6mCZPwBKju:59rubi2LjKWvASxybc+1DZ591BYK
Score

10^/10

redline @f0lser discovery infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline@f0lserdiscoveryinfostealer

behavioral2

redline@f0lserdiscoveryinfostealer

© 2018-2025

Terms | Privacy