General

  • Target

    1afefe979cb11e53a22172f046680513dabe1bd877746ac21e2f67f02f28151e

  • Size

    593KB

  • Sample

    241109-mefdba1rfv

  • MD5

    cca17c48d5d42c205f1add433db88280

  • SHA1

    550049faec266c0afe46afcaeddeaeca21f64595

  • SHA256

    1afefe979cb11e53a22172f046680513dabe1bd877746ac21e2f67f02f28151e

  • SHA512

    e951db7413af64265296391688b4e9825c857d9ada144d447a7f6fec134086bdfe4238e15196c63aa91e070a28e9ee90400041a4dc00da87a9a7566f973d89d5

  • SSDEEP

    12288:gLow6+HZV0s/raPkqYI8AdqmHkks5y3Aa/LyecXXzzGi:gLoMjeb8Ad/k950ZpcXX//

Malware Config

  • Extracted

    Family: redline

  • Botnet

    @dxpex

  • C2

    185.11.73.34:18717

  • Attributes

    • auth_value

      7d71dc2486a2f78d8097fa5a22e9ed30

Targets

    • Target

      setup.exe

    • Size

      600KB

    • MD5

      52be306b77fc18e2db2ad3ec7d08f008

    • SHA1

      4d75fe2be99acd65d3276be87f553aa54457d38c

    • SHA256

      0597ad3f1805bbfaf14910f21aa830c489ec9fe2876407e3cbb24f60b364acd4

    • SHA512

      7b2d464c1fd823f0fb65d28ebb9d2d660af3d55e14eb5bb21672be558d6ddd5ba2efba20a1eb0832a7b179cac8376972552bee831dc621e9a02b19b6fc1b9177

    • SSDEEP

      12288:9zpAD4jTzVbgoJ6k/P2RNlZGzQS03ULaHNqrxlKIQNoxcd/BlZk8gKt:9Vq47VbXZ/ORvZGzkEaHNYK3Mcd5lgu

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks