General

  • Target

    be00c9b1ab7040405a6369fe9446f30de42e9762f8f1ffafa67c2d7dab6dea71

  • Size

    397KB

  • Sample

    221227-n7tl3saa8z

  • MD5

    8de87ef64a9be004b8539ca97411db69

  • SHA1

    76096078eaf1ed49678cc8ef87f6c6185702236f

  • SHA256

    be00c9b1ab7040405a6369fe9446f30de42e9762f8f1ffafa67c2d7dab6dea71

  • SHA512

    850fe5d4f46f0433fc607872a21b5d009e42d6d93bdec3c67782c10c7c3301b534bceafa7a588eb9f0284abf4f4eb2f197286c35029c835d82fea0d18fc2fbff

  • SSDEEP

    6144:47uw8hfi2wvYT5zHHsbMISpTsAOF3QMTCnXRrJSylNSa:4Kw8hfi2wA1mLKnXRBlQa

Score
10/10

Malware Config

Extracted

  • Family

    redline

  • Botnet

    11

  • C2

    79.137.202.18:45218

  • Attributes

    auth_value: 107e09eee63158d2488feb03dac75204

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scripting, T1064 (1)

  • Defense Evasion

    Scripting, T1064 (1)

Tasks