General

  • Target

    59a8083391f2d47e161cf0caa51da1ea77898657941279135a3a66e10dfc1237

  • Size

    465KB

  • Sample

    220226-3haj8schbn

  • MD5

    c71425e3cc3c2e52e15f6554d510e6a8

  • SHA1

    136db115777778a0ecb9d459d3ace8c98542aafb

  • SHA256

    59a8083391f2d47e161cf0caa51da1ea77898657941279135a3a66e10dfc1237

  • SHA512

    b0838277e82abe6e2df4cbf899d72c7faf92874800a6dd5fae4f9b6effa45543cbcd5cca934c351942ddfb52db3a0fc399199d7497faa079e8ed82ad77c536ba

Score
10/10

Malware Config

Extracted

Family

redline

Botnet

yt

C2

65.21.1.119:24371

Attributes
auth_value
a7960fdd4739462c8f9231095a524ac3

Targets

    • Target

      59a8083391f2d47e161cf0caa51da1ea77898657941279135a3a66e10dfc1237

    • Size

      465KB

    • MD5

      c71425e3cc3c2e52e15f6554d510e6a8

    • SHA1

      136db115777778a0ecb9d459d3ace8c98542aafb

    • SHA256

      59a8083391f2d47e161cf0caa51da1ea77898657941279135a3a66e10dfc1237

    • SHA512

      b0838277e82abe6e2df4cbf899d72c7faf92874800a6dd5fae4f9b6effa45543cbcd5cca934c351942ddfb52db3a0fc399199d7497faa079e8ed82ad77c536ba

    Score
    10/10
    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

          Execution

            Exfiltration

              Impact

                Initial Access

                  Lateral Movement

                    Persistence

                      Privilege Escalation

                        Tasks