General

  • Target

    438c9c3167e2eb5d8e3325c1c7b27c8beb881e07e67e52db6e86139146886c08

  • Size

    848KB

  • Sample

    220316-zrezjagdg7

  • MD5

    b4a63487a982b6bba3284225d89f25d5

  • SHA1

    e8009e282e76f9d31f2761ba073b879ce417fd00

  • SHA256

    438c9c3167e2eb5d8e3325c1c7b27c8beb881e07e67e52db6e86139146886c08

  • SHA512

    bb23f408604bbb41c6be8a04277f384cdd75e17cbe189cb593cb9b841ac23745244747736793e0bceef9b830729a5c2939c232da2c87648132dd79b6bb4618a2

Score
10/10

Malware Config

Extracted

Family

redline

Botnet

YT

C2

193.38.55.97:35200

Targets

    • Target

      438c9c3167e2eb5d8e3325c1c7b27c8beb881e07e67e52db6e86139146886c08

    • Size

      848KB

    • MD5

      b4a63487a982b6bba3284225d89f25d5

    • SHA1

      e8009e282e76f9d31f2761ba073b879ce417fd00

    • SHA256

      438c9c3167e2eb5d8e3325c1c7b27c8beb881e07e67e52db6e86139146886c08

    • SHA512

      bb23f408604bbb41c6be8a04277f384cdd75e17cbe189cb593cb9b841ac23745244747736793e0bceef9b830729a5c2939c232da2c87648132dd79b6bb4618a2

    Score
    10/10
    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Discovery
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation

Tasks