General

  • Target

    c85533dc3627cc14b81a22fb204c42c9e5527e15ad78c832da7a159825de6ec7

  • Size

    2.2MB

  • Sample

    240314-lx7d3sbd68

  • MD5

    b1087aa5a1a538d7ee3bd9c3b774bb38

  • SHA1

    0842a7d8905be9dbe06f9b2bd7376f33373af246

  • SHA256

    c85533dc3627cc14b81a22fb204c42c9e5527e15ad78c832da7a159825de6ec7

  • SHA512

    46aec87f752382ec9a5ce6f45af70ab54ae3fe158cd2084b27ca55d8224c83417c8a13091648b4b1ffdbf76f2b88ffa0424a76d3619c3516645e70b0c6969cb6

  • SSDEEP

    24576:EQ1OwhF5/u7S/OiUVkcOpckjLDSvWrtaG2cskcA8AvuyLdk0JdQGwct28MENdhX2:DMwP5/u79ScOqkjqOrnq29QFxa

Malware Config

Extracted

  • Family

    redline

  • Botnet

    Legaa

  • C2

    185.172.128.33:38294

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks