General

  • Target

    56da9aa053adec2eb685d9f81532ad23

  • Size

    491KB

  • Sample

    220208-fctpladdeq

  • MD5

    56da9aa053adec2eb685d9f81532ad23

  • SHA1

    58e47cd4abf19c6a2ddc5d5dc2cbad2e90f68a32

  • SHA256

    18354bab9009498b48010c0acb0eba274eba5b9d27f197b773b9c376d7932167

  • SHA512

    a7526356ae35dc95d0c90fbb5779db0fe01b1f09a00553e064bbf53310e881215aa00256558fdf3ff7f457f450dd23c5b5b009b59da5625cc78cae76ff376a36

Malware Config

Extracted

  • Family

    redline

  • Botnet

    GIZMIK

  • C2

    185.215.113.107:1433

  • Attributes

    auth_value: b9102ed52a68ee77f4e68f740474332e

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery

    Query Registry (T1012): 1

    System Information Discovery (T1082): 1

Tasks