General

  • Target: 04bd930932b9a72d8afcde1fde4d63bb5d321cc1f5674d2d852abdaa3b18097d
  • Size: 119KB
  • Sample: 241104-rkxl1a1flq
  • MD5: 157f80158eb3a1e2b05740a930b81ba6
  • SHA1: 42750cbc314e7627e9459a84481ab8a93dc92b1e
  • SHA256: 04bd930932b9a72d8afcde1fde4d63bb5d321cc1f5674d2d852abdaa3b18097d
  • SHA512: f174b49ebc384142cc003b8a2983e54eb61fcd5c37e0ec647af0125161272ab61180d4512065b9a572361ee1a77ff23e730db58faa872b2081e12c349d20a747
  • SSDEEP: 3072:BW8kOdiV+GX+Ojjuk3taSrNz63PqurAkzsI5RtpnEN:tMV9X+O1aSBz6lK

Malware Config

Extracted

  • Family: redline
  • Botnet: pub2
  • C2: 89.22.231.25:45245
  • Attributes
      • auth_value: ea9464d486a641bb513057e5f63399e1

Targets

    • Target: d82068382e82697bb266f6c668fd1cda36f7ca2de8ce34ae280e9c1397d02567
    • Size: 277KB
    • MD5: 14a7fd58316f6885b90b849d59f175c9
    • SHA1: 2f61b5948b5f94233d4c91d775de72644b0771e4
    • SHA256: d82068382e82697bb266f6c668fd1cda36f7ca2de8ce34ae280e9c1397d02567
    • SHA512: daa31ce2bef9420f0f537c1e734517f6819aee00c5916d8ad1b780a1233ae89fe23684dc9534abae010990384d5ac53c3a451db35c4b02ee46c50d8b94edfcb0
    • SSDEEP: 6144:d1NtyTXVo1HbjPdwaAMQIc5edLu/FYFr44qXfMtqbY5/EsyYQYc6WecjnxJb6wPt:d1NtyWVwaAMQ0LYUsfMtqbY58syYQYcp
    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Redline family
    • Uses the VBS compiler for execution
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks