General

  • Target: e7823793753b9baebf48f2167f023e92fd2afc94a618fc60f59ef839dc9ce738
  • Size: 389KB
  • Sample: 221227-jxkh7shf9y
  • MD5: e8205b359c9c5d6c8d7fcfd68c908c7b
  • SHA1: 3d2a600b1ddf8955f028fbcd79886fa61be034e1
  • SHA256: e7823793753b9baebf48f2167f023e92fd2afc94a618fc60f59ef839dc9ce738
  • SHA512: 9fd8a8a8f4f88d8189bee80ec3c619b0e5859f995012a0cdc5bdc8f909505533bc29ad7f47390992aa20d7fcb5bce2c1a2ff570d712a5562ef946a38702c850e
  • SSDEEP: 6144:Bm4dxganzHlvVtNMGmHfuAKMpxSAOP3E6fRwl6qMlicP+G9M:BtcanzHlvxMLSR3E66l6qMlicP+sM

Score
10/10

Malware Config

Extracted

  • Family: redline
  • Botnet: 11
  • C2: 79.137.202.18:45218
  • Attributes
    • auth_value: 107e09eee63158d2488feb03dac75204

Targets

    • Target: e7823793753b9baebf48f2167f023e92fd2afc94a618fc60f59ef839dc9ce738
    • Size: 389KB
    • MD5: e8205b359c9c5d6c8d7fcfd68c908c7b
    • SHA1: 3d2a600b1ddf8955f028fbcd79886fa61be034e1
    • SHA256: e7823793753b9baebf48f2167f023e92fd2afc94a618fc60f59ef839dc9ce738
    • SHA512: 9fd8a8a8f4f88d8189bee80ec3c619b0e5859f995012a0cdc5bdc8f909505533bc29ad7f47390992aa20d7fcb5bce2c1a2ff570d712a5562ef946a38702c850e
    • SSDEEP: 6144:Bm4dxganzHlvVtNMGmHfuAKMpxSAOP3E6fRwl6qMlicP+G9M:BtcanzHlvxMLSR3E66l6qMlicP+sM

    Score
    10/10
    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Uses the VBS compiler for execution (vbc.exe, the Visual Basic .NET compiler shipped with the .NET Framework, spawned as a host process; not VBScript)

    • Suspicious use of SetThreadContext (rewriting a thread's context in another process is the usual final step of process hollowing, consistent with the vbc.exe host above)
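The extracted config and file hashes above are the actionable output of this report. The following is an added example, not part of the sandbox report, showing how a responder would turn them into checks: a C2 matcher over a Zeek conn.log, a Suricata rule for the C2 endpoint, and a three-algorithm hash cross-check. The conn.log excerpt is constructed for the example; the IOC values are copied from the report, and the `$HOME_NET` variable and rule SID are assumptions for the reader's own sensor.

```python
"""Operationalise the extracted RedLine config and hashes from the report above.

Added example, not part of the sandbox report. The Zeek conn.log excerpt is
constructed; the IOC values (C2, botnet, hashes) are copied from the report.
"""
import hashlib

C2_HOST, C2_PORT = "79.137.202.18", 45218
BOTNET = "11"
SAMPLE_HASHES = {
    "md5": "e8205b359c9c5d6c8d7fcfd68c908c7b",
    "sha1": "3d2a600b1ddf8955f028fbcd79886fa61be034e1",
    "sha256": "e7823793753b9baebf48f2167f023e92fd2afc94a618fc60f59ef839dc9ce738",
}

# Constructed Zeek conn.log excerpt (tab-separated), trimmed to the columns used here.
CONN_LOG = (
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tconn_state\n"
    "1672131000.1\tCa1\t10.0.0.15\t49812\t79.137.202.18\t45218\ttcp\tSF\n"
    "1672131001.2\tCa2\t10.0.0.15\t49813\t142.250.74.78\t443\ttcp\tSF\n"
    "1672131002.3\tCa3\t10.0.0.22\t51000\t79.137.202.18\t80\ttcp\tREJ\n"
    "1672131003.4\tCa4\t10.0.0.31\t52222\t79.137.202.18\t45218\ttcp\tS0\n"
)


def parse_conn_log(text):
    """Yield one dict per record, keyed by the names in the #fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split("\t")))


def find_c2_flows(text, host=C2_HOST, port=C2_PORT):
    """Classify every TCP flow whose responder is the C2 host.

    "c2"       host and port match the extracted config. S0 (SYN, no reply) is
               still reported: the endpoint tried to reach the C2 even if it failed.
    "c2_host"  same host, different port. RedLine C2 is plain TCP, so a port
               change is cheap for the operator; review rather than discard.
    """
    hits = []
    for rec in parse_conn_log(text):
        if rec["id.resp_h"] != host or rec["proto"] != "tcp":
            continue
        kind = "c2" if int(rec["id.resp_p"]) == port else "c2_host"
        hits.append({"uid": rec["uid"], "src": rec["id.orig_h"],
                     "dport": int(rec["id.resp_p"]), "state": rec["conn_state"],
                     "kind": kind})
    return hits


def suricata_rule(sid, host=C2_HOST, port=C2_PORT, botnet=BOTNET):
    """Render a Suricata rule for outbound connections to the C2 endpoint.

    flow:to_server without "established" so that connection attempts also alert."""
    return (
        f"alert tcp $HOME_NET any -> {host} {port} "
        f'(msg:"RedLine Stealer C2 (botnet {botnet})"; flow:to_server; '
        f"metadata:malware_family redline, sample_sha256 {SAMPLE_HASHES['sha256']}; "
        f"classtype:trojan-activity; sid:{sid}; rev:1;)"
    )


def hash_agreement(data):
    """Return the set of algorithms whose digest of `data` equals the report's value.

    A genuine copy of the sample matches all three. A match on only one algorithm
    points at a typo in the IOC list or a collision and should be investigated."""
    calc = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }
    return {alg for alg, h in calc.items() if h == SAMPLE_HASHES[alg]}


if __name__ == "__main__":
    for hit in find_c2_flows(CONN_LOG):
        print(hit)
    print(suricata_rule(1000001))
    print(hash_agreement(b"not the sample"))  # set()
```

On the constructed log, `find_c2_flows` reports Ca1 and Ca4 as C2 traffic (one completed session, one unanswered SYN) and Ca3 as the same host on port 80 for review; the benign Ca2 flow is ignored. Feed a real conn.log through `parse_conn_log` unchanged, since it keys on the `#fields` header rather than on column positions.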

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic           Technique   ID      Count
  Execution        Scripting   T1064   1
  Defense Evasion  Scripting   T1064   1

Note that T1064 Scripting was deprecated in ATT&CK v7; on current versions of the framework the Execution mapping corresponds to T1059 Command and Scripting Interpreter.

Tasks