General

  • Target

    VPN_Free.exe

  • Size

    2.0MB

  • Sample

    210524-fa4yewv4ex

  • MD5

    831d4e7f62efecd2fc159074383b965b

  • SHA1

    4856dbaebf644b83f620fff1666f8553ad47d9b5

  • SHA256

    be394c34bc2d5f532f3ddac7e2d692c60401d71858d4ae2f077af559f33ef772

  • SHA512

    6e60c373cb7ace5666507dd58bf39c4c92346c070f6c4a2d62cd5966dd84bddee89034ba3ee4cce52df74fc0b0aede68d49fea29ee24f9698833905c853c88e8

Malware Config

Extracted

Family

redline

Botnet

VPNFree

C2

80.92.205.112:81

Targets

    • Target

      VPN_Free.exe

    • Size

      2.0MB

    • MD5

      831d4e7f62efecd2fc159074383b965b

    • SHA1

      4856dbaebf644b83f620fff1666f8553ad47d9b5

    • SHA256

      be394c34bc2d5f532f3ddac7e2d692c60401d71858d4ae2f077af559f33ef772

    • SHA512

      6e60c373cb7ace5666507dd58bf39c4c92346c070f6c4a2d62cd5966dd84bddee89034ba3ee4cce52df74fc0b0aede68d49fea29ee24f9698833905c853c88e8

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks