redline | 7036625873b6f46b4f5785b99ae9109d1baef350157c0fa6b96090d7be7b8c0b | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...a8.exe

windows7-x64

JaffaCakes...a8.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_6bcda020c480cf797830fdcce28745a8
Size

385KB
Sample

250107-tbpadazkap
MD5

6bcda020c480cf797830fdcce28745a8
SHA1

77ba5c0afa12731ab8fcf9f9dfe9977b4ea3ac36
SHA256

7036625873b6f46b4f5785b99ae9109d1baef350157c0fa6b96090d7be7b8c0b
SHA512

d25eccdfc19ed96a3d2b86bc7a3479ed9fb2e958bd4d2b01407690867ac3f1f60e24bbde4769dc7ca61b7992975cab2a02833fc6e249abf6affb3fd78e01b423
SSDEEP

12288:3/n1Y9EKnSu5yVzo6P/XLdszJcwRFW8B/iYvwdDEgiWcSgD:369EO

Score

10^/10

redline wunlockalltooliv2.61 discovery infostealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_6bcda020c480cf797830fdcce28745a8.exe

Resource

win7-20240903-en

redline wunlockalltooliv2.61 discovery infostealer

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_6bcda020c480cf797830fdcce28745a8.exe

Resource

win10v2004-20241007-en

redline wunlockalltooliv2.61 discovery infostealer

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

WUnlockAllToolIV2.61

C2

185.215.113.55:36801

Attributes

auth_value
5c57f1eb36bb351b7007ba406bba7afc

Targets

- Target
  
  JaffaCakes118_6bcda020c480cf797830fdcce28745a8
- Size
  
  385KB
- MD5
  
  6bcda020c480cf797830fdcce28745a8
- SHA1
  
  77ba5c0afa12731ab8fcf9f9dfe9977b4ea3ac36
- SHA256
  
  7036625873b6f46b4f5785b99ae9109d1baef350157c0fa6b96090d7be7b8c0b
- SHA512
  
  d25eccdfc19ed96a3d2b86bc7a3479ed9fb2e958bd4d2b01407690867ac3f1f60e24bbde4769dc7ca61b7992975cab2a02833fc6e249abf6affb3fd78e01b423
- SSDEEP
  
  12288:3/n1Y9EKnSu5yVzo6P/XLdszJcwRFW8B/iYvwdDEgiWcSgD:369EO
Score

10^/10

redline wunlockalltooliv2.61 discovery infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinewunlockalltooliv2.61discoveryinfostealer

behavioral2

redlinewunlockalltooliv2.61discoveryinfostealer

© 2018-2025

Terms | Privacy