General

  • Target: 18e9004b665ff009851895553fe1ec6c92e94b9b1f8898b5e3e38a762730db70
  • Size: 389KB
  • Sample: 221227-abkgmshb9t
  • MD5: ab168ca7a8902f0a922590433d1acc7b
  • SHA1: 30f50b2cc6c2fdcb2ee607b3e912556e36d1fb36
  • SHA256: 18e9004b665ff009851895553fe1ec6c92e94b9b1f8898b5e3e38a762730db70
  • SHA512: 4fc711bd1eb641d1e6a01b3780960dfd67ff46bc364f4d898ff05c78570d3c0922d11af52e502d9f867e425e20d57a02dc6c1679e9dfbe43b1a50363f75320c6
  • SSDEEP: 6144:2m4H8wNHzXF/FdNcmG3vuAqMexSAOeDqsDE3dcMygTeefj1cV6ag9M:2tlNHzXF/RcKSc7efjqV6aaM

Score: 10/10

Malware Config

Extracted

  • Family: redline
  • Botnet: 11
  • C2: 79.137.202.18:45218
  • Attributes
    • auth_value: 107e09eee63158d2488feb03dac75204

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution: Scripting, T1064 (1)
  • Defense Evasion: Scripting, T1064 (1)
