General

  • Target

    437631f5368601d9c03477626b970cc746815a50a5bb87066c422e61bef5feb0

  • Size

    401KB

  • Sample

    240521-1wdgyabg26

  • MD5

    7c5d3041f89f4359bf8bcf7f5b038fcb

  • SHA1

    b81bcec472de94424c945b0fecdf57a01707dec2

  • SHA256

    437631f5368601d9c03477626b970cc746815a50a5bb87066c422e61bef5feb0

  • SHA512

    38af05a68c79ff8df583c5f28818531a87f9092bb0fec10a35edd76dba17bf1f580806f3bfef20a45855a3bc0ff7e6f30803802069d5bc05516e4fdc26dbffec

  • SSDEEP

    6144:07OcGE+kl2yHMiNSqQT0ZcnL5e4PugTBqsM5Af9V4sdp1Nz9:07OcGq1HwqcnL5eTqBVZvz9

Malware Config

Extracted

  • Family

    redline

  • C2

    194.26.232.43:20746

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks