General

  • Target

    1918e39f86134f9bc8ac8d07c90a4116af7376b3dae61d774d0385eb9641655f

  • Size

    1.9MB

  • Sample

    241109-1ds5nsvrap

  • MD5

    b47ef9ff8493403098a97a8093edba36

  • SHA1

    0dd8130190538f058467d2aaf5a63e28010ba85f

  • SHA256

    1918e39f86134f9bc8ac8d07c90a4116af7376b3dae61d774d0385eb9641655f

  • SHA512

    eac6dba5421b29aaeaa43cf5bc9a3a2bf2a900a0cee1733b95d4bf3295970f9e99f8de5f3586f733ce83bad8fc1a66040f16659f4a05bc446749983fbb93d528

  • SSDEEP

    49152:e06m7NpA0GNJ/lU+zJwZjvjcpT+gDEvTqb8Td/pP6F:eA7UJ/5zGZjvjcQgGqYJ

Malware Config

Extracted

Family

redline

Botnet

@merlinholy

C2

185.189.167.123:37360

Attributes

  • auth_value

    9c36b63cccb3eade62bdc17519c7bd37

Targets

    • Target

      1918e39f86134f9bc8ac8d07c90a4116af7376b3dae61d774d0385eb9641655f

    • Size

      1.9MB

    • MD5

      b47ef9ff8493403098a97a8093edba36

    • SHA1

      0dd8130190538f058467d2aaf5a63e28010ba85f

    • SHA256

      1918e39f86134f9bc8ac8d07c90a4116af7376b3dae61d774d0385eb9641655f

    • SHA512

      eac6dba5421b29aaeaa43cf5bc9a3a2bf2a900a0cee1733b95d4bf3295970f9e99f8de5f3586f733ce83bad8fc1a66040f16659f4a05bc446749983fbb93d528

    • SSDEEP

      49152:e06m7NpA0GNJ/lU+zJwZjvjcpT+gDEvTqb8Td/pP6F:eA7UJ/5zGZjvjcQgGqYJ

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Suspicious use of SetThreadContext
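The extracted config (C2 host:port, botnet tag, auth_value) and the three file digests above are the indicators a responder actually consumes. The script below is an added example, not part of the sandbox report, that turns them into a matcher for three typical inputs: a connection log, a file-hash inventory, and a raw binary. The indicator values are copied from the report; the log lines, the log layout (`<ts> <src>:<sport> -> <dst>:<dport> <proto>`) and the inventory rows are constructed here. Host-only C2 matches are reported at lower confidence because RedLine panels are frequently re-bound to a new port; the botnet tag and auth_value are searched in both ASCII and UTF-16LE because RedLine is .NET and its user strings normally sit UTF-16LE in the #US heap. The C2 string is deliberately not searched for in the binary, since it is usually stored encoded and a plain-text miss would mean nothing.

```python
import hashlib
import re

# Indicators copied verbatim from the sandbox report.
REPORT = {
    "family": "redline",
    "botnet": "@merlinholy",
    "c2": "185.189.167.123:37360",
    "auth_value": "9c36b63cccb3eade62bdc17519c7bd37",
    "md5": "b47ef9ff8493403098a97a8093edba36",
    "sha1": "0dd8130190538f058467d2aaf5a63e28010ba85f",
    "sha256": "1918e39f86134f9bc8ac8d07c90a4116af7376b3dae61d774d0385eb9641655f",
}

# Constructed sample input (not from the report): a minimal connection log in a
# hypothetical "<ts> <src>:<sport> -> <dst>:<dport> <proto>" layout.
SAMPLE_LOG = [
    "2024-11-09T12:01:07Z 10.0.0.15:49812 -> 185.189.167.123:37360 tcp",
    "2024-11-09T12:01:09Z 10.0.0.15:49813 -> 185.189.167.123:443 tcp",
    "2024-11-09T12:01:11Z 10.0.0.15:49814 -> 142.250.74.46:443 tcp",
]

_CONN = re.compile(r"-> (\d{1,3}(?:\.\d{1,3}){3}):(\d+)\b")


def match_connections(lines, c2=REPORT["c2"]):
    """Return (line, confidence) for lines whose destination is the C2 host.

    'exact' = host and port equal the extracted C2; 'host' = same host on a
    different port, still worth triage because RedLine panels get re-bound.
    """
    host, port = c2.rsplit(":", 1)
    hits = []
    for line in lines:
        m = _CONN.search(line)
        if not m or m.group(1) != host:
            continue
        hits.append((line, "exact" if m.group(2) == port else "host"))
    return hits


def file_digests(data):
    """MD5/SHA1/SHA256 of a blob: the three algorithms the report lists."""
    return {a: hashlib.new(a, data).hexdigest() for a in ("md5", "sha1", "sha256")}


def match_inventory(inventory, report=REPORT):
    """inventory: iterable of (path, hex digest) rows, e.g. parsed sha256sum output.

    Any of the three report digests counts, so MD5-only tooling still matches.
    """
    wanted = {report["md5"], report["sha1"], report["sha256"]}
    return [path for path, digest in inventory if digest.strip().lower() in wanted]


def config_markers(blob, report=REPORT):
    """Check a binary for the botnet tag and auth_value from the extracted config.

    Tries ASCII and UTF-16LE: RedLine is .NET, whose user strings are UTF-16LE.
    The C2 is normally stored encoded, so it is not looked for here.
    """
    found = {}
    for name in ("botnet", "auth_value"):
        value = report[name]
        found[name] = any(value.encode(enc) in blob for enc in ("ascii", "utf-16-le"))
    return found


if __name__ == "__main__":
    for line, confidence in match_connections(SAMPLE_LOG):
        print(confidence, line)
```

Feeding real data in is a matter of replacing `SAMPLE_LOG` with the firewall or proxy export, building the inventory from `sha256sum -r` (or an EDR hash export), and passing `open(path, "rb").read()` to `config_markers` for any file the inventory or hash match singles out. A hit on `auth_value` or the botnet tag is a much stronger attribution signal than the hash alone, because a repacked sample keeps its config while every digest changes.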

MITRE ATT&CK Enterprise v15

Tasks