General

  • Target

    d3c3ef0b2b6f337b4cdc482528f45b3f916423a70a9f811cc23bba0a1925febc

  • Size

    177KB

  • Sample

    241109-m3738swlcm

  • MD5

    e0ba8282b1e457d34a374bc93b24fddc

  • SHA1

    c3aaef83d4332f0fb424443c28e0a95e9c3cff94

  • SHA256

    d3c3ef0b2b6f337b4cdc482528f45b3f916423a70a9f811cc23bba0a1925febc

  • SHA512

    084cb7c9567fc0ad0363a4b3a1da9d2dbe266c9c986128cb4dc5a65dd20e0fa9996170c6ad2174e5276e72ab65b7bcd1616b9b08129aaa6209c31b1a1b9a554f

  • SSDEEP

    3072:8q2eJzEGmMi+iik1wQ5VnPGaeZwUGpQcj2+q4215PkhzjK3uGvw8JUQYcx+CrQPf:CyzrGTHqQHnGwf92+q54hvOjFx+6Ez2E

Malware Config

Extracted

  • Family

    redline

  • Botnet

    5631065866_99

  • C2

    dragrun.top:28786

  • Attributes

    auth_value: 8e0a1c9a030cc4c326c224fdeb62adbc

Targets

    • Target

      b83e4d26b756a9e947750030ee3d3f942ce1163a1593c067d245321ae152d7a1.exe

    • Size

      428KB

    • MD5

      c26ef6474f3a55e5de9991431f0fd0a4

    • SHA1

      6d3fd024c953cf7c29bd99023447af09c04e9083

    • SHA256

      b83e4d26b756a9e947750030ee3d3f942ce1163a1593c067d245321ae152d7a1

    • SHA512

      34fd28ccb1275d6356dff8a088301a867318f3695e8f417e53d435aacb618342dbca762111809f0a8a10a2feaa87cc3d7f0457b2d142cd9b42d5beec1474ce71

    • SSDEEP

      6144:ZyulBKpG2sNOwIFq9kZFwYxTvHsEg2eIfMpo:Zy4IpGjN1IFSKFwYxvMfDr

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks