General

  • Target

    bae95ea0ebe16f3f32e9632637af56124e8b3f785f62240acea9516b4a036bed

  • Size

    1.0MB

  • Sample

    230922-n81rsafh6s

  • MD5

    436d44532ff198258bbc0b93292dd66c

  • SHA1

    1297812fb8fe2bb4827f8e6f0dba83fac87988d4

  • SHA256

    bae95ea0ebe16f3f32e9632637af56124e8b3f785f62240acea9516b4a036bed

  • SHA512

    13735ea25226f6ed904797a4888e344f13af185f6982b1fcb858441c4c5599f438ae22875f14614e8cf48c8ca760f39b6cad7a5a7eaf56b10d5d9769bb63933a

  • SSDEEP

    24576:FyDLoyfhL3eCRwJ0eyEZNg9o2DVXr8AUefH3r:gXoYwCi07CMoaT3

Malware Config

Extracted

Family

redline

Botnet

tuxiu

C2

77.91.124.82:19071

Attributes

  • auth_value

    29610cdad07e7187eec70685a04b89fe

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks