redline

General

Target

JaffaCakes118_f9262caed7ba0fc77e871e26d9a5b4eb
Size

4.6MB
Sample

250111-gy4x5ayjay
MD5

f9262caed7ba0fc77e871e26d9a5b4eb
SHA1

5455ad3b1de9eee55ec776d0e220bdf8488ff7d1
SHA256

fafa2c77937e7b14af1d156fd7a188c74833f34a45ceb8ce241c7c991e1dea58
SHA512

d2aca65022e175d2f01e624bf3b07158354262d1355b488d453fd5e9482a262cdddf9d546ca2270c63745ee24cab84f373cf285a8ef644c3b459b24088d2501c
SSDEEP

98304:/q8eNY5p0ExtC6RpPwVsniC5u/BDLTABEp0moOjtchG8cV:/qup0Ex8ArMdPABEp0pAKhGVV

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

@hatake03

C2

95.181.152.6:46927

Attributes

auth_value
cdf3919a262c0d6ba99116b375d7551c

Targets

- Target
  
  JaffaCakes118_f9262caed7ba0fc77e871e26d9a5b4eb
- Size
  
  4.6MB
- MD5
  
  f9262caed7ba0fc77e871e26d9a5b4eb
- SHA1
  
  5455ad3b1de9eee55ec776d0e220bdf8488ff7d1
- SHA256
  
  fafa2c77937e7b14af1d156fd7a188c74833f34a45ceb8ce241c7c991e1dea58
- SHA512
  
  d2aca65022e175d2f01e624bf3b07158354262d1355b488d453fd5e9482a262cdddf9d546ca2270c63745ee24cab84f373cf285a8ef644c3b459b24088d2501c
- SSDEEP
  
  98304:/q8eNY5p0ExtC6RpPwVsniC5u/BDLTABEp0moOjtchG8cV:/qup0Ex8ArMdPABEp0pAKhGVV
Score

10^/10

redline @hatake03 discovery execution infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $TEMP/Selfconvened.exe
- Size
  
  4.5MB
- MD5
  
  64b5e984fda860eedf19c29a124094fb
- SHA1
  
  760c195741989e17b48ad52c13bed35e8ea51692
- SHA256
  
  1f47c67d3baa635c4b7dd2bfed0a26a6bd499c3ab5a64d10b391a52e7d71ba39
- SHA512
  
  187dbbc7137db41da77dd5c3d1471f82b157d031653109632adb9c49ea519f452b661cfd1845512661dcdb3b00bf2a02b2c3504406fb19ad89b06fcd6afee4e4
- SSDEEP
  
  98304:xLIWL25lsofrCgl5PmHGjCYv8LHPrVWPa5Qwy:Fslsofuit0bJWPa5QJ
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral3 behavioral4
- Target
  
  $TEMP/qT5w4MkRQwNB.exe
- Size
  
  836KB
- MD5
  
  b1053be5f3586f6785a57c911addc48c
- SHA1
  
  712b1ed92154916d48d20476cf7ff12da0c57609
- SHA256
  
  e0c190537e74cb9253f2bf68203513de2a258ef427dbff8552310d8767adf71c
- SHA512
  
  1d5b0f9c40ea2796b65835e11b1dff542d38607558dd903a922a3dea0f5e3ac117b6dcb597710d5c36851e737b1dce8069b94cff87b18c517928bcc9645eb7f4
- SSDEEP
  
  12288:8TxETvPX2P3+6OCKLSx/XH5Zf6Rhcar4+QR5cepnSCdeTnEFMwuOqjYd:w+Tv+PO6OsxPTM94TSCdeKMwqjYd
Score

10^/10

redline @hatake03 discovery infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
behavioral5 behavioral6