General

  • Target

    bc7da2ff8fd88b93c62d6318a26c17a9bbc14ee658d2064140f4ccdc869764f0

  • Size

    217KB

  • Sample

    220914-mr4xfadffm

  • MD5

    a078e93cc24db2b52b41dde722aaa333

  • SHA1

    8bc2f863ebdc8334b8cf240fd21a254c754498b6

  • SHA256

    bc7da2ff8fd88b93c62d6318a26c17a9bbc14ee658d2064140f4ccdc869764f0

  • SHA512

    3156512dfe0316d251b19e0d9c643c8377f5ed2c1397ce202665c70e5875b400a2952623d7af0fbda5c4e0de0f9ff9e4a1c9f27f63e5e8524fe45a7bce19c97c

  • SSDEEP

    3072:F9Pz9yUZZ91RI9zIpA4sSBmxShqyXAI5BjzQS8iqI6FFLpRntY8Q233inOHc/i:F9z4w3RIpYxjMP2BjzQS8ij6FjRy8Qp

Malware Config

Extracted

Family

redline

Botnet

Lyla.11.09

C2

185.215.113.216:21921

Attributes

  • auth_value

    a1e5192e588aa983d678ceb4d6e0d8b5

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Suspicious use of SetThreadContext
