General

  • Target

    file.exe

  • Size

    217KB

  • Sample

    221123-p4l89sga4w

  • MD5

    616c54f3b83f8b8a31dd178a7a3af481

  • SHA1

    d87a02d136b36435283d7fa3b3b41b1b97088e4e

  • SHA256

    42cf041d4d3d613c8cb9fdef4d97ae376ba6aedee91334d7ba90cac8e406a915

  • SHA512

    0121ac16f7191e17ec2494cb63056831012b60e19a7dcc79100b464ebd9f59edbf49e459ebbec8ff44e35a649ac66dee90db0f90469304f129a8e560b8fd9842

  • SSDEEP

    3072:L84v790Lox+J4ETyre2xRc0jqr76OlnA9DMpYU4KZe8JbJ3Yl6PR+cpY8jwVS:LfvZ0Loqwe2xrjq6O4MJ4bM5Y4+cE

Malware Config

Extracted

Family

redline

Botnet

@madboyza

C2

193.106.191.138:32796

Attributes

  • auth_value

    9bfce7bfb110f8f53d96c7a32c655358

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Uses the VBS compiler for execution

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks