General

  • Target

    71ee7896537b0fed44212b8df9568085013adf7dd5beb24b363f5a263a682229

  • Size

    389KB

  • Sample

    241107-jy959aydkg

  • MD5

    c5d64fa5d90d3cf9321504a934b41839

  • SHA1

    88093a1d0d5efc74c0311c769189735b7d8abc37

  • SHA256

    71ee7896537b0fed44212b8df9568085013adf7dd5beb24b363f5a263a682229

  • SHA512

    723ec9ba02eaba54977d926248c601c23a3686b24098865f6dbe46288a9a0e623449a2404439b5a2cbb323d04373bb3d37e4a341a8fa763370372fbb8e9cf578

  • SSDEEP

    6144:am4dxganzHlvVtNMGmHfuAKMpxSAOMZw/m7o8Lxy6pR9a2uiy2s9M:atcanzHlvxMLSyLfR39a2SFM

Malware Config

Extracted

Family

redline

Botnet

11

C2

79.137.202.18:45218

Attributes
  • auth_value

    107e09eee63158d2488feb03dac75204

Targets

    • Target

      71ee7896537b0fed44212b8df9568085013adf7dd5beb24b363f5a263a682229

    • Size

      389KB

    • MD5

      c5d64fa5d90d3cf9321504a934b41839

    • SHA1

      88093a1d0d5efc74c0311c769189735b7d8abc37

    • SHA256

      71ee7896537b0fed44212b8df9568085013adf7dd5beb24b363f5a263a682229

    • SHA512

      723ec9ba02eaba54977d926248c601c23a3686b24098865f6dbe46288a9a0e623449a2404439b5a2cbb323d04373bb3d37e4a341a8fa763370372fbb8e9cf578

    • SSDEEP

      6144:am4dxganzHlvVtNMGmHfuAKMpxSAOMZw/m7o8Lxy6pR9a2uiy2s9M:atcanzHlvxMLSyLfR39a2SFM

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks