General

  • Target

    df3eaa545b4ea760919cf931af960521

  • Size

    1.5MB

  • Sample

    241109-mlfbwsvrgp

  • MD5

    df3eaa545b4ea760919cf931af960521

  • SHA1

    5cbc5677328a48773cd843f8baae8012c932691f

  • SHA256

    1c515ba8bd1319594bc5ef7f306c52b32d08d7aea0531f87d60b40b2ed797c51

  • SHA512

    7ad0f78125cd19a395ea1385212fce91c675686958afb796ead2cff342645e43bab32836327e1b9a1cdbab38ee7d040b6290776d7950cf587746aa1a885273a2

  • SSDEEP

    24576:evIr7w5P2yy5PCdNU6krlzxpdowqJcZKhS7p1KMuLwpcp/Ibt9aB7:evO7Y2yWb6krFxpdowqJcZKhS7pqLwpc

Malware Config

Extracted

  • Family

    redline

  • Botnet

    FTX

  • C2

    199.34.18.18:48587

  • Attributes

    auth_value = 9e0934b1c6ab3552898af5bcbd95ed44

Targets

    • Target

      3fd1e5924ec48bb5abc6243cf1641e5f0323ab68d494e5c412a830e45f1e36d7.exe

    • Size

      1.7MB

    • MD5

      1043817d0d592f519cadf46caf36d1c6

    • SHA1

      2164d3cbfaebd2a58adf3e1ad06ed5f6e4ead928

    • SHA256

      3fd1e5924ec48bb5abc6243cf1641e5f0323ab68d494e5c412a830e45f1e36d7

    • SHA512

      197576a9a1821b4d517166c6df55879a2949a500920babcb6641b99b761db92eb68b58abace0ec92e527cdd871ceab3632374eb030ba8da5cd2d8a5ec9147675

    • SSDEEP

      24576:6IuBu5SsFqHllFMco/TSBGIR3AwCctJqSXpnKycHVP5XUbme:6zBu5SsFUlFcbSAVwfZKL1REm

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks