redline | 16dad4519d9152ab6089dbf1f5987b1a1041921281e0b7ea023240e3a8614a59 | Triage

Sharing

General

Target

JaffaCakes118_a594066602971fd490314deb88063efb
Size

984KB
Sample

250108-xctg9s1lbk
MD5

a594066602971fd490314deb88063efb
SHA1

0dd8615ee4371ccaa38de79660256f5071b17894
SHA256

16dad4519d9152ab6089dbf1f5987b1a1041921281e0b7ea023240e3a8614a59
SHA512

f3ea04655dccb0b10192b1c97421037514e9f41585548f38f99963f18d973831cdd5ea87f7b173b7a20bd36b43fef9fc61a927a2e83e75d569d1384b79d9445f
SSDEEP

12288:03WgJqjG0r5++N5uTLxeTfUfck9X72YEhl4Wmif44fh1bBS/YOBLRJOtVTpM/M6:4LL4o+NUQfUUkl2thqWmczJlBdw6thO3

Score

10^/10

redline 23102021new discovery infostealer

Malware Config

Extracted

Family

redline

Botnet

23102021new

C2

188.34.188.23:4220

Attributes

auth_value
1501dce2232cf802a139f7a7bebc49b2

Targets

- Target
  
  Setup.exe
- Size
  
  333.8MB
- MD5
  
  e1752b67d6336d141615d1842698ecfe
- SHA1
  
  216bf305f1cf34d7e5ffba36b280494b7b03cdf0
- SHA256
  
  cd1ae60f06cb76918ef4f3aecb47685214554d4301e975b6b396bf9e0cefe413
- SHA512
  
  9a41ab35393012c3f3b85e9d4d026b45f0d9c1cfa0700e79f0bc4dc93d28ae7e734fe07f991ec0de6fc44999e7c2f7abe054eea26d806f0fb72716be120d7530
- SSDEEP
  
  24576:g+Oq98FUtTXXP+XNPHHMDcFOeRNaiI/nfRZUapYgFONREJdUo:gI9TtxcFZRNyZUFEONw9
Score

10^/10

redline 23102021new discovery infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline23102021newdiscoveryinfostealer

behavioral2

redline23102021newdiscoveryinfostealer