General

  • Target

    4oE045Hr.exe

  • Size

    459KB

  • Sample

    231010-fpkbpaba41

  • MD5

    0f9bf0eeeae62f42f1e7f735706d1a14

  • SHA1

    efd2514c4d6c7e6ce1f39008fafe3bcb8b12408e

  • SHA256

    f1626105054686b8af41da05be026b6c8bfb9b9dc052e7c32b79193472f1ceba

  • SHA512

    8aafdb85d2a4ca093ab4e0de6601f2a00e04413079b58fb5e0ab710fb3edb1d54796c3b30c6502f626e326c46d322616c7ba195385f4e2ee3158f9dcf361da27

  • SSDEEP

    6144:IfThnbDPM4jjdpvIN8fp7z5BAOgfFHN6DEvQiCD8S40X:IfTVDPjjb/+fpNs3dRNX

Malware Config

Extracted

Family

redline

Botnet

frant

C2

77.91.124.55:19071
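
The extracted configuration (family, botnet ID, C2 host and port) and the file hashes under General are the actionable indicators in this report. As an added example that is not part of the sandbox report or of any RedLine tooling, the Python below turns them into two offline checks: hashing a suspect file against the reported digests, and flagging connection-log lines that reach the C2 endpoint, with a Suricata rule rendered for the same endpoint. The connection-log format, the sample log lines and the rule's sid are constructed for the example.

```python
"""IOC checks for the RedLine sample in this report.

Added example, not part of the sandbox report or of any RedLine tooling. It
turns the report's extracted indicators (the file hashes and the C2 endpoint)
into two offline checks: hash a suspect file and compare it against the report,
and scan connection-log lines for traffic to the extracted C2. The log format
and the sample log lines below are constructed for the example.
"""
import hashlib
import re
from typing import Dict, Iterable, List

# Indicators copied from the report above.
KNOWN_HASHES: Dict[str, str] = {
    "md5": "0f9bf0eeeae62f42f1e7f735706d1a14",
    "sha1": "efd2514c4d6c7e6ce1f39008fafe3bcb8b12408e",
    "sha256": "f1626105054686b8af41da05be026b6c8bfb9b9dc052e7c32b79193472f1ceba",
    "sha512": (
        "8aafdb85d2a4ca093ab4e0de6601f2a00e04413079b58fb5e0ab710fb3edb1d5"
        "4796c3b30c6502f626e326c46d322616c7ba195385f4e2ee3158f9dcf361da27"
    ),
}
C2_HOST = "77.91.124.55"
C2_PORT = 19071
BOTNET_ID = "frant"


def _digest_stream(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Feed every chunk to all four hash algorithms in a single pass."""
    hashers = {name: hashlib.new(name) for name in KNOWN_HASHES}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Digest an in-memory blob (e.g. a PE carved out of a memory dump)."""
    return _digest_stream([data])


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Digest a file on disk without loading it whole into memory."""
    with open(path, "rb") as fh:
        return _digest_stream(iter(lambda: fh.read(chunk_size), b""))


def matches_known_sample(digests: Dict[str, str]) -> List[str]:
    """Return the algorithms whose digest equals the report's value.

    One match is enough to identify the file. Returning the full list lets the
    caller notice the odd case where only MD5 or SHA1 matches: that points to a
    collision with the reported sample, not to the same file.
    """
    return [
        name for name, known in KNOWN_HASHES.items()
        if digests.get(name, "").lower() == known
    ]


# Constructed line format "<timestamp> <src>:<sport> -> <dst>:<dport> <proto>";
# adapt the regex to Zeek conn.log, firewall or proxy logs as needed.
CONN_RE = re.compile(
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+)\s*->\s*"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)"
)


def find_c2_connections(lines: Iterable[str]) -> List[str]:
    """Return the log lines whose destination is the extracted C2 host:port.

    The port is matched as well as the host: the same address on another port
    may be unrelated hosting, so widen the check deliberately if you want every
    flow to the host rather than folding them into the C2 hits silently.
    """
    hits = []
    for line in lines:
        m = CONN_RE.search(line)
        if m and m.group("dst") == C2_HOST and int(m.group("dport")) == C2_PORT:
            hits.append(line.rstrip())
    return hits


def suricata_rule(sid: int) -> str:
    """Render a Suricata rule for the C2 endpoint (sid is chosen by the caller)."""
    return (
        f"alert tcp $HOME_NET any -> {C2_HOST} {C2_PORT} "
        f'(msg:"RedLine Stealer C2 (botnet {BOTNET_ID})"; '
        f"flow:established,to_server; classtype:trojan-activity; sid:{sid}; rev:1;)"
    )


# Constructed sample lines (not from the report): one C2 hit, one benign
# HTTPS flow, one flow to the C2 address on a different port.
SAMPLE_CONN_LOG = [
    "2023-10-10T05:41:12Z 10.0.0.7:49812 -> 77.91.124.55:19071 tcp",
    "2023-10-10T05:41:13Z 10.0.0.7:49813 -> 142.250.74.46:443 tcp",
    "2023-10-10T05:41:20Z 10.0.0.9:51003 -> 77.91.124.55:80 tcp",
]

if __name__ == "__main__":
    for hit in find_c2_connections(SAMPLE_CONN_LOG):
        print("C2 connection:", hit)
    print(suricata_rule(1000001))
```

Run `hash_file("4oE045Hr.exe")` on a suspect copy and pass the result to `matches_known_sample`; an empty list means the file is not the reported sample, and a list containing only `md5` or `sha1` should be treated as a collision rather than a match.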

Targets

    • Target

      4oE045Hr.exe

    • RedLine

      RedLine Stealer is an information-stealing malware family written in C# for .NET, first observed in early 2020 and sold as a service on underground forums. It harvests saved browser credentials, cookies, autofill data, cryptocurrency wallet files and application session tokens and sends them to the configured C2; the botnet ID in the extracted config ("frant" here) tags the stolen data for the operator who bought that build.

    • RedLine payload

      The sandbox recognised the unpacked payload as RedLine; the configuration shown under Malware Config was extracted from it.

    • Suspicious use of SetThreadContext

      SetThreadContext on another process's thread is the API step that process hollowing relies on: a loader starts a legitimate process suspended, maps the payload into it, and rewrites the primary thread's context so execution resumes at the injected entry point. The sequence to look for in API traces is CreateProcess with CREATE_SUSPENDED, memory writes into the child, SetThreadContext on its main thread, then ResumeThread.
