redline | cf86ec6fb8852c11d296b71b30dd5d4027e51429f9be11271b3ebb518b6e56a4 | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...db.exe

windows7-x64

JaffaCakes...db.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_b8fedeefe559d6b1175303a12527c0db
Size

4.6MB
Sample

250109-ctw99swqcn
MD5

b8fedeefe559d6b1175303a12527c0db
SHA1

7600f694add7c90a291662422be8ae03f6433188
SHA256

cf86ec6fb8852c11d296b71b30dd5d4027e51429f9be11271b3ebb518b6e56a4
SHA512

d57d9e15d6a36f39e05cd425a74e8547ec405026f2bf6d20cbb25bc24c6a81e510eb75b15809f975529d00b16500e5aef28d56ad0cff83de5fc24dbe9abf47a4
SSDEEP

98304:ELBcsb5rWN7jvxt3FBT7vh5BAkjtwUGDCbYvKnfNEIEG+P:N3ZtVhb5bGDeYvaKIU

Score

10^/10

redline @frecore discovery infostealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_b8fedeefe559d6b1175303a12527c0db.exe

Resource

win7-20240729-en

redline @frecore discovery infostealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_b8fedeefe559d6b1175303a12527c0db.exe

Resource

win10v2004-20241007-en

redline @frecore discovery infostealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

@frecore

C2

185.215.113.51:56632

Attributes

auth_value
8a057b047bb60399b5cc0fa800e50e51

Targets

- Target
  
  JaffaCakes118_b8fedeefe559d6b1175303a12527c0db
- Size
  
  4.6MB
- MD5
  
  b8fedeefe559d6b1175303a12527c0db
- SHA1
  
  7600f694add7c90a291662422be8ae03f6433188
- SHA256
  
  cf86ec6fb8852c11d296b71b30dd5d4027e51429f9be11271b3ebb518b6e56a4
- SHA512
  
  d57d9e15d6a36f39e05cd425a74e8547ec405026f2bf6d20cbb25bc24c6a81e510eb75b15809f975529d00b16500e5aef28d56ad0cff83de5fc24dbe9abf47a4
- SSDEEP
  
  98304:ELBcsb5rWN7jvxt3FBT7vh5BAkjtwUGDCbYvKnfNEIEG+P:N3ZtVhb5bGDeYvaKIU
Score

10^/10

redline @frecore discovery infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline@frecorediscoveryinfostealer

behavioral2

redline@frecorediscoveryinfostealer

© 2018-2025

Terms | Privacy