General

  • Target

    36915399b9afd2c1488e5c61c62ef24fdf26e1db8b2707949c0e1543c8588ec6

  • Size

    277KB

  • Sample

    221206-cvy59abg5t

  • MD5

    61e556ed6671cad870b71e1bc848197b

  • SHA1

    cea7e88c7a0883619b97754a2d4fc76b3865055f

  • SHA256

    36915399b9afd2c1488e5c61c62ef24fdf26e1db8b2707949c0e1543c8588ec6

  • SHA512

    c23f242c332d316a0edd6cdf7bae977282eb01d30cef498b6481c46b96e6b3da9feb9e3c93f80b4953a37fb8ab6eb8ae968395b0638ca2bf256249bf882420a3

  • SSDEEP

    3072:6LjOlXj0I/hH3RvM+4UU5i7SVx/n8p+izFgTW2+SxO:6LSlXj0I/4nFzP8p+S

Malware Config

Extracted

Family

redline

Botnet

@2023

C2

79.137.192.28:20723

Attributes
  • auth_value

    93b4b7d0dc8e9415e261a402587c6710

Targets

    • Target

      36915399b9afd2c1488e5c61c62ef24fdf26e1db8b2707949c0e1543c8588ec6

    • Size

      277KB

    • MD5

      61e556ed6671cad870b71e1bc848197b

    • SHA1

      cea7e88c7a0883619b97754a2d4fc76b3865055f

    • SHA256

      36915399b9afd2c1488e5c61c62ef24fdf26e1db8b2707949c0e1543c8588ec6

    • SHA512

      c23f242c332d316a0edd6cdf7bae977282eb01d30cef498b6481c46b96e6b3da9feb9e3c93f80b4953a37fb8ab6eb8ae968395b0638ca2bf256249bf882420a3

    • SSDEEP

      3072:6LjOlXj0I/hH3RvM+4UU5i7SVx/n8p+izFgTW2+SxO:6LSlXj0I/4nFzP8p+S

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020. It harvests browser credentials, cookies, autofill data and cryptocurrency wallets and ships them to the C2 listed in the extracted config.

    • Uses the VBS compiler for execution

      The sample launches the .NET Visual Basic command-line compiler (vbc.exe), a signed Microsoft binary that normally only runs under build tooling. On its own this is a weak signal; combined with the next signature it is the usual RedLine loader pattern.

    • Suspicious use of SetThreadContext

      Rewriting another thread's context is the final step of process hollowing: the loader starts a child (here the compiler) suspended, writes the payload into it, points the main thread's instruction pointer at the payload's entry and resumes it. The stealer then runs under the compiler's signed image and process name.
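The extracted config (C2 socket, auth_value) and the two behaviour signatures above are the parts of this report a defender actually consumes. The following Python is an added example, not part of the sandbox report or of any vendor tooling: it turns those indicators into detection logic and runs it over a handful of constructed Sysmon-style events (process creation and network connection). The field names, the BUILD_PARENTS allow-list and the inclusion of csc.exe alongside vbc.exe are assumptions to tune per estate; the C2 address, port and auth_value are taken from the report.

```python
"""Added example (not part of the sandbox report or of any vendor tooling).

Turns the report's extracted RedLine config and behaviour signatures into
detection logic and runs it over constructed, Sysmon-style events.
"""
from collections import defaultdict
from typing import Dict, Iterable, List

# Indicators lifted from the report's extracted config.
C2_IP = "79.137.192.28"
C2_PORT = 20723
AUTH_VALUE = b"93b4b7d0dc8e9415e261a402587c6710"

# "Uses the VBS compiler" refers to vbc.exe.  csc.exe is included as an
# assumption: same loader technique, same detection logic.
DOTNET_COMPILERS = {"vbc.exe", "csc.exe"}
# Parents that legitimately spawn those compilers.  Assumption: tune per estate.
BUILD_PARENTS = {"msbuild.exe", "devenv.exe", "dotnet.exe", "vbc.exe", "csc.exe"}


def basename(path: str) -> str:
    """Lower-cased file name from a Windows (or forward-slash) path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def suspicious_compiler_spawns(events: Iterable[Dict]) -> List[Dict]:
    """Sysmon EID 1: a .NET compiler started by something other than a build tool."""
    return [
        e for e in events
        if e["id"] == 1
        and basename(e["image"]) in DOTNET_COMPILERS
        and basename(e["parent_image"]) not in BUILD_PARENTS
    ]


def c2_connections(events: Iterable[Dict]) -> List[Dict]:
    """Sysmon EID 3: any outbound connection to the extracted C2 socket."""
    return [
        e for e in events
        if e["id"] == 3 and e["dst_ip"] == C2_IP and e["dst_port"] == C2_PORT
    ]


def correlate(events: List[Dict]) -> List[Dict]:
    """One alert per PID; 'high' when the hollowing indicator and the C2 hit coincide."""
    by_pid: Dict[int, Dict] = defaultdict(dict)
    for e in suspicious_compiler_spawns(events):
        by_pid[e["pid"]]["hollowed_compiler"] = e["image"]
    for e in c2_connections(events):
        by_pid[e["pid"]]["c2"] = f'{e["dst_ip"]}:{e["dst_port"]}'
    return [
        {"pid": pid, "severity": "high" if len(hits) == 2 else "medium", **hits}
        for pid, hits in sorted(by_pid.items())
    ]


def payload_has_auth_value(buf: bytes) -> bool:
    """Plain-string match for the config's auth_value in a captured payload.
    Assumption: whether it is visible in cleartext depends on the build and transport."""
    return AUTH_VALUE in buf


# Constructed events, not real telemetry.  PID 4388 is the RedLine pattern
# (vbc.exe spawned by a Temp-dir dropper, then talking to the C2); PID 5000 is
# a benign compile under MSBuild; PID 6100 is an odd spawn with no C2 contact.
SAMPLE_EVENTS = [
    {"id": 1, "pid": 4120, "image": r"C:\Users\bob\AppData\Local\Temp\setup.exe",
     "parent_image": r"C:\Windows\explorer.exe"},
    {"id": 1, "pid": 4388, "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "parent_image": r"C:\Users\bob\AppData\Local\Temp\setup.exe"},
    {"id": 3, "pid": 4388, "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "dst_ip": "79.137.192.28", "dst_port": 20723},
    {"id": 1, "pid": 5000, "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "parent_image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"},
    {"id": 3, "pid": 4120, "image": r"C:\Users\bob\AppData\Local\Temp\setup.exe",
     "dst_ip": "93.184.216.34", "dst_port": 443},
    {"id": 1, "pid": 6100, "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "parent_image": r"C:\Users\bob\Downloads\invoice.exe"},
]

if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

Run against the constructed events this raises one high-severity alert for PID 4388 (compiler hollowed and C2 contacted) and one medium alert for PID 6100 (compiler spawned from an unusual parent, no C2 traffic). The C2 match is the brittle half: a single IP:port ages quickly, so the parent/child rule is what should survive the next rebuild of the loader.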

MITRE ATT&CK Matrix ATT&CK v6

  Tactic            Technique   Count   ID
  Execution         Scripting   1       T1064
  Defense Evasion   Scripting   1       T1064

  Note: T1064 Scripting was deprecated in ATT&CK v7 and folded into T1059 Command and Scripting Interpreter; map it there when exporting these hits to a current matrix.

Tasks