General

  • Target: 116c606c17de79c45fa45110ab305122b8c8915125ec48b950e7ddc556ea6304
  • Size: 389KB
  • Sample: 241107-pwx1sssepq
  • MD5: 87959ca1627e213bb517ca964fab49fd
  • SHA1: 3c0f28d61071e2aa903a82cb3dda6b63762c8701
  • SHA256: 116c606c17de79c45fa45110ab305122b8c8915125ec48b950e7ddc556ea6304
  • SHA512: 72562caf68b4d5059c9a76aa9b9f601b4b702845a917e5d22d9544f39dadd156d7b4b217756dc31288bd663d8a40d8d074bcac55ee503234cc81a2e58ff253bd
  • SSDEEP: 6144:Am4dxganzHlvVtNMGmHfuAKMpxSAOJnafoA1BFKZToX+kBPxf39M:AtcanzHlvxMLSb+f0axlM

Malware Config

Extracted

  • Family: redline
  • Botnet: 11
  • C2: 79.137.202.18:45218
  • Attributes
    • auth_value: 107e09eee63158d2488feb03dac75204

Targets

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Redline family
    • Uses the VBS compiler for execution
    • Suspicious use of SetThreadContext
