General

  • Target

    4aw602SF.exe

  • Size

    459KB

  • Sample

    231010-bcllrshe7t

  • MD5

    f807505c12a33b65b08e46eef6408959

  • SHA1

    49813fdcd432b333f296421a2dbf867506363626

  • SHA256

    1327f6d2be1f9ec0e2bef78ffb5a702b1a5249e4e7cea43e0012aebf1cb8c669

  • SHA512

    4df7bf7aaa4f1a409032c3e2e1cce183b707b70219b62d54af7fdccb6e5b7f78ae67727ee4bc6c30e044cb0f6535b155d1834ad3e3120eef7fdba82740919179

  • SSDEEP

    6144:4vRHImfMPTjdJUINv8nqBJY5FAOtOjHXfSxrviJxekGQYto/vHYjB4rSPjIEtN3:4vCmETjbJ3mTOjHvSxrviukGftgvHhG3

Malware Config

Extracted

  • Family

    redline

  • Botnet

    frant

  • C2

    77.91.124.55:19071
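
The following Python is an added example, not part of the original report and not code from the sandbox vendor or from the RedLine authors. It turns the indicators above (the three file digests and the extracted C2 endpoint) into a reusable check: it hashes raw file bytes or an inventory record and compares them against the sample, and it scans connection-log lines for traffic to the C2 host. The log format, the log lines and all function names are my own assumptions, constructed for illustration.

```python
import hashlib
import re

# Indicators taken from the report above (sample 231010-bcllrshe7t).
IOC_HASHES = {
    "md5": "f807505c12a33b65b08e46eef6408959",
    "sha1": "49813fdcd432b333f296421a2dbf867506363626",
    "sha256": "1327f6d2be1f9ec0e2bef78ffb5a702b1a5249e4e7cea43e0012aebf1cb8c669",
}
C2 = "77.91.124.55:19071"            # extracted config, as printed in the report
C2_HOST, _port = C2.rsplit(":", 1)
C2_PORT = int(_port)


def hash_bytes(data: bytes) -> dict:
    """Compute the same three digests the report lists, as lowercase hex."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def match_hashes(digests: dict) -> set:
    """Return the set of algorithms whose digest equals the sample's.

    `digests` maps algorithm name -> hex string (e.g. one row of an EDR file
    inventory). Comparison is case-insensitive on the hex; algorithms the
    report does not list are ignored.
    """
    return {
        alg for alg, value in digests.items()
        if alg in IOC_HASHES and value.strip().lower() == IOC_HASHES[alg]
    }


def match_file_bytes(data: bytes) -> set:
    """Hash raw file content and compare it against the sample."""
    return match_hashes(hash_bytes(data))


# Hypothetical connection-log format, assumed for this example:
#   <timestamp> src=<ip>:<port> dst=<ip>:<port> proto=<tcp|udp> bytes=<n>
LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+src=(?P<src_ip>[\d.]+):(?P<src_port>\d+)"
    r"\s+dst=(?P<dst_ip>[\d.]+):(?P<dst_port>\d+)"
)


def find_c2_hits(log_lines) -> list:
    """Flag every connection whose destination is the C2 host.

    A connection to the host on a different port is still reported, since
    operators rotate ports; `exact_port` marks the hits that match the
    extracted config precisely.
    """
    hits = []
    for line in log_lines:
        m = LOG_LINE.match(line)
        if not m or m.group("dst_ip") != C2_HOST:
            continue
        hits.append({
            "ts": m.group("ts"),
            "src_ip": m.group("src_ip"),
            "exact_port": int(m.group("dst_port")) == C2_PORT,
        })
    return hits


# Constructed sample input for the demo; these are not real logs.
SAMPLE_LOG = """\
2023-10-10T08:14:02Z src=10.20.4.31:51812 dst=203.0.113.10:443 proto=tcp bytes=2048
2023-10-10T08:14:09Z src=10.20.4.31:51830 dst=77.91.124.55:19071 proto=tcp bytes=5120
2023-10-10T08:15:40Z src=10.20.7.9:49210 dst=77.91.124.55:443 proto=tcp bytes=900
2023-10-10T08:16:01Z src=10.20.4.31:51844 dst=77.91.124.55:19071 proto=tcp bytes=131072
""".splitlines()


if __name__ == "__main__":
    # A constructed blob stands in for a file on disk; it is not the sample,
    # so no digest matches.
    print("file match:", match_file_bytes(b"MZ\x90\x00 constructed, not the sample"))
    # An inventory record carrying the report's SHA-256 does match.
    print("record match:", match_hashes({"sha256": IOC_HASHES["sha256"]}))
    for hit in find_c2_hits(SAMPLE_LOG):
        print("C2 hit:", hit)
```

Two caveats when using this for real: exact-hash matching only catches this build, since any repacked variant changes all three digests (the SSDEEP value above is the indicator meant for near-variants and needs the ssdeep library, so it is left out here), and MD5 is kept only because many feeds still key on it; SHA-256 is the one to trust. Treat the C2 address as time-bound and check it against the log window around the sample's date rather than as a permanent block entry.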

Targets

    • Target

      4aw602SF.exe

    • Size

      459KB

    • MD5

      f807505c12a33b65b08e46eef6408959

    • SHA1

      49813fdcd432b333f296421a2dbf867506363626

    • SHA256

      1327f6d2be1f9ec0e2bef78ffb5a702b1a5249e4e7cea43e0012aebf1cb8c669

    • SHA512

      4df7bf7aaa4f1a409032c3e2e1cce183b707b70219b62d54af7fdccb6e5b7f78ae67727ee4bc6c30e044cb0f6535b155d1834ad3e3120eef7fdba82740919179

    • SSDEEP

      6144:4vRHImfMPTjdJUINv8nqBJY5FAOtOjHXfSxrviJxekGQYto/vHYjB4rSPjIEtN3:4vCmETjbJ3mTOjHvSxrviukGftgvHhG3

    • RedLine

      RedLine Stealer is an information-stealing malware family written in C# that first appeared in early 2020.

    • RedLine payload

    • Suspicious use of SetThreadContext (this API is typically seen when a loader writes a payload into a suspended process and redirects the main thread's entry point before resuming it, i.e. process hollowing)
