General

  • Target

    03d89f8533515e5ac9daff64cfc95a5cae3823ee5d648704492a6589bf56ecb7

  • Size

    277KB

  • Sample

    221206-f77jyahe74

  • MD5

    2e82c589b6daee8c11ee90921673b813

  • SHA1

    6188a1199d54d9f1a32ce7c902cb434390cea602

  • SHA256

    03d89f8533515e5ac9daff64cfc95a5cae3823ee5d648704492a6589bf56ecb7

  • SHA512

    a77a1dd315e02cfef82df000e552af1cf0db1e04b0eb8363bb701f380b37f4d0430201b1b0c4f4acef6c015934af4e1cf5c9964e614d359a940b34cf4ff5d449

  • SSDEEP

    3072:CLjOH5jAID8M/tdy98JMLOSEkb7WLa3QA/SfSnZKGC5gTWS+JxO:CLSH5jAIDHE98JEbCe3QwSAZTZ

Malware Config

Extracted

Family

redline

Botnet

@2023@

C2

193.106.191.138:32796

Attributes
  • auth_value

    ca057e5baadfd0774a34a6a949cd5e69

Targets

    • Target

      03d89f8533515e5ac9daff64cfc95a5cae3823ee5d648704492a6589bf56ecb7

    • Size

      277KB

    • MD5

      2e82c589b6daee8c11ee90921673b813

    • SHA1

      6188a1199d54d9f1a32ce7c902cb434390cea602

    • SHA256

      03d89f8533515e5ac9daff64cfc95a5cae3823ee5d648704492a6589bf56ecb7

    • SHA512

      a77a1dd315e02cfef82df000e552af1cf0db1e04b0eb8363bb701f380b37f4d0430201b1b0c4f4acef6c015934af4e1cf5c9964e614d359a940b34cf4ff5d449

    • SSDEEP

      3072:CLjOH5jAID8M/tdy98JMLOSEkb7WLa3QA/SfSnZKGC5gTWS+JxO:CLSH5jAIDHE98JEbCe3QwSAZTZ

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Execution

Scripting

1
T1064

Defense Evasion

Scripting

1
T1064

Tasks