General

  • Target: build_240514_191326.exe
  • Size: 559KB
  • Sample: 240521-j6df9aec4y
  • MD5: 895493b29ce20d3e815e7eeef837bdb2
  • SHA1: 2a9f87129eb0f19d1f1a23926e5d5607b5008603
  • SHA256: 05fc0e79339dd99b39c7fee80a82d08678129afb565d6a3b7e0a2676efe36cf6
  • SHA512: b9eb37d1ac60831be0ece8e68b2927e4958517982616a09a406ddbd954caf50e0b5d8f03b1bdbebb677e2c410e51a6e34d3b86f03071f941fa4db00e5eea7fb0
  • SSDEEP: 12288:oiaPTsxwJh+4fPHVrdcj9tBFxeWCOBlxo1m8wNteO0/8CRl+PPgwAgBuh6Frz2yU:oia71zzPw

Malware Config

Extracted

  • Family: redline
  • Botnet: 6077866846_99
  • C2: https://pastebin.com/raw/8baCJyMF

Targets

    • Target: build_240514_191326.exe
    • Size: 559KB
    • MD5: 895493b29ce20d3e815e7eeef837bdb2
    • SHA1: 2a9f87129eb0f19d1f1a23926e5d5607b5008603
    • SHA256: 05fc0e79339dd99b39c7fee80a82d08678129afb565d6a3b7e0a2676efe36cf6
    • SHA512: b9eb37d1ac60831be0ece8e68b2927e4958517982616a09a406ddbd954caf50e0b5d8f03b1bdbebb677e2c410e51a6e34d3b86f03071f941fa4db00e5eea7fb0
    • SSDEEP: 12288:oiaPTsxwJh+4fPHVrdcj9tBFxeWCOBlxo1m8wNteO0/8CRl+PPgwAgBuh6Frz2yU:oia71zzPw

    • RedLine
      RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Loads dropped DLL
    • Legitimate hosting services abused for malware hosting/C2
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks