General

  • Target: 2397e2acb9a45df24ce1dc2eb7129177257d3a585c765a51c5bf8f7797611c06
  • Size: 937KB
  • Sample: 241109-1tjaeawlaq
  • MD5: 2ef24b675e227a88c54be09a51f6bbf7
  • SHA1: e498eedd68be3a19d148c4f91dcaaedc0cdac146
  • SHA256: 2397e2acb9a45df24ce1dc2eb7129177257d3a585c765a51c5bf8f7797611c06
  • SHA512: 532e3cadf1b5303d216355d77092759c3308110b7310e257bdcafc855f1fdb35619fa55702a1dfa1a3376be0865e1cac802404d954b9df35d64a70e4396e2eed
  • SSDEEP: 24576:2OHtsct4XhXF+bE4KQepSU4YZM2K7Xt3tUnxh2VOUjAZHv:2SCcWp7nl4YZM2K7X1Cnxh9

Malware Config

Extracted

  • Family: redline
  • Botnet: @lowwifi
  • C2: 185.189.167.123:37360
  • Attributes
      • auth_value: 8b9b49cc37bda909a48c4ba6b4702e99

Targets

    • Target: 860fcbbd9da42334429db9b46d96121091f0accac3ac1a8b5c2615039f00b657
    • Size: 1.8MB
    • MD5: f244313bf4a7727eaa0a1cef4b83fc9c
    • SHA1: 542f8e0096a7a8cea02f5e16a80f7ee7087f8385
    • SHA256: 860fcbbd9da42334429db9b46d96121091f0accac3ac1a8b5c2615039f00b657
    • SHA512: 4f35dec8e7acaeb8b24c66b62a59c1fa8db97844f4785c4a2b44e19144711ae23b445fc538ae68b3649a8896078ff62cf0c169bfc833a2d2c8b04435315c688f
    • SSDEEP: 49152:QYpDxT293hpKIOenB4V2GSSeVbv2N2O90TTNag1:FChpKIOe8eSeVbv8NGEM

    Detections:

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Redline family
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks