General

  • Target

    1100-55-0x0000000002640000-0x00000000026BE000-memory.dmp

  • Size

    504KB

  • Sample

    220911-ssj7bafehk

  • MD5

    7bc0cf65d333147592b5d233d906b7d5

  • SHA1

    35bd9c0029f52206cf539765d0f0238cf2c49177

  • SHA256

    968f6722ae78735ee72f69c6625adee4d8952e617f15d7cf117863a19eef0abf

  • SHA512

    5526f7bce999fc1e605b984b923d5487a87df58fc6a06de31d63dbf8c42f9d353c3331dd5cb10e104a80d21c6b6c7e184364878931b936dc090c8c9a4f5a3c09

Malware Config

Extracted

Family

redline

Botnet

Install

C2

69.176.94.78:32241

Attributes

  • auth_value

    262df95952285ebeabc4c91774e37776

Targets

    • Target

      1100-55-0x0000000002640000-0x00000000026BE000-memory.dmp


    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

MITRE ATT&CK Matrix

Tactic columns (no techniques listed for this sample): Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation