General

  • Target

    1212-65-0x00000000004A0000-0x00000000004C0000-memory.dmp

  • Size

    128KB

  • Sample

    220516-j4h9qaadaj

  • MD5

    77b49c81d784041d22770dbfeba1c7a8

  • SHA1

    226bbfa4106903b2abd5258570a50015735470dd

  • SHA256

    c0c4c8b30747f29c680f7ce6dac8440f526cdddcb800ef69a6c2cd44077af2dc

  • SHA512

    e2e3869e577372f911a03eb36012acf708dc19f4f8592e99a478cfc11791980e5465bc222ed21e873d49193cb2aae30e3477d4da4269512733cda5d2ab2b032d

Malware Config

Extracted

  • Family

    redline

  • Botnet

    Install

  • C2

    176.10.119.117:27038

  • Attributes

    auth_value: 701b6467f584b2d5c52fa31ecce6761d

Targets

    • Target

      1212-65-0x00000000004A0000-0x00000000004C0000-memory.dmp

    • Size

      128KB

    • MD5

      77b49c81d784041d22770dbfeba1c7a8

    • SHA1

      226bbfa4106903b2abd5258570a50015735470dd

    • SHA256

      c0c4c8b30747f29c680f7ce6dac8440f526cdddcb800ef69a6c2cd44077af2dc

    • SHA512

      e2e3869e577372f911a03eb36012acf708dc19f4f8592e99a478cfc11791980e5465bc222ed21e873d49193cb2aae30e3477d4da4269512733cda5d2ab2b032d

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

MITRE ATT&CK Matrix

  • Collection

  • Command and Control

  • Credential Access

  • Defense Evasion

  • Discovery

  • Execution

  • Exfiltration

  • Impact

  • Initial Access

  • Lateral Movement

  • Persistence

  • Privilege Escalation