General

  • Target

    562f06e1f2928a80082238b7bcfdbeb112dd96c4746617176d6a436c57bf05a9

  • Size

    239KB

  • Sample

    221206-b79l3sag7z

  • MD5

    7c15b1a5ffca6ae48c44790b73fdddc1

  • SHA1

    a908943457c6006e631e46854114f32d75a24e30

  • SHA256

    562f06e1f2928a80082238b7bcfdbeb112dd96c4746617176d6a436c57bf05a9

  • SHA512

    c607f869c68203e80cee54bcec42bd40911ab9ed44139201783a0def431026b2c3000b84790e3c8793d6555736da1552071bfc79a4c7602096fb0c1860726760

  • SSDEEP

    3072:Zx+0gbyg6H8xK/q+PwjUoHp0DCe8K/1IzKbVR4TfGRrhqZIATccmuxO:Zx+0gWg5Kq+PwQoHp0DoK2KJSTfqrhmW

Score
10/10

Malware Config

Extracted

Family

redline

Botnet

@P1

C2

193.106.191.138:32796

Attributes
  • auth_value

    54c79ce081122137049ee07c0a2f38ab

Targets

    • Target

      562f06e1f2928a80082238b7bcfdbeb112dd96c4746617176d6a436c57bf05a9

    • Size

      239KB

    • MD5

      7c15b1a5ffca6ae48c44790b73fdddc1

    • SHA1

      a908943457c6006e631e46854114f32d75a24e30

    • SHA256

      562f06e1f2928a80082238b7bcfdbeb112dd96c4746617176d6a436c57bf05a9

    • SHA512

      c607f869c68203e80cee54bcec42bd40911ab9ed44139201783a0def431026b2c3000b84790e3c8793d6555736da1552071bfc79a4c7602096fb0c1860726760

    • SSDEEP

      3072:Zx+0gbyg6H8xK/q+PwjUoHp0DCe8K/1IzKbVR4TfGRrhqZIATccmuxO:Zx+0gWg5Kq+PwQoHp0DoK2KJSTfqrhmW

    Score
    10/10
    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Execution

Scripting

1
T1064

Defense Evasion

Scripting

1
T1064

Tasks