General

  • Target

    9cb0123894725bbe0302fa1f1f7dd154dc2592f65081653a4f20cea36a9195dc

  • Size

    1.9MB

  • Sample

    241109-x7qd4azlfs

  • MD5

    8bb94e79898429bd6ae438b7c679e88d

  • SHA1

    2ea4fa7a9dfbb8d956e69c810ce6692efd82045e

  • SHA256

    9cb0123894725bbe0302fa1f1f7dd154dc2592f65081653a4f20cea36a9195dc

  • SHA512

    d8f6dda1aac7e989f7ebaefca16bd2f95dd739d6200f1b3e276cf9bfd00c2cc50fc65564d802861641e48191dff4d53121488bdd96e45dd653c61b703cfbdfe6

  • SSDEEP

    49152:e06m7NpA0GNJ/lU+zJwZjvjcpT+gDEvTqb8Td/pP6F:eA7UJ/5zGZjvjcQgGqYJ

Malware Config

Extracted

Family

redline

Botnet

@merlinholy

C2

185.189.167.123:37360

Attributes
  • auth_value

    9c36b63cccb3eade62bdc17519c7bd37
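As an added example (not part of this report or of the sandbox's own tooling), the Python below turns the extracted RedLine config and the file hashes on this page into detection logic: it scans constructed netflow-style log lines for traffic to the C2 host and port, matches a constructed file inventory against the report's hashes, and emits a Suricata rule for the C2 endpoint. The log line format, the inventory entries and the rule sid are assumptions; only the C2, botnet, auth_value and hashes come from the report.

```python
import re

# Indicators copied verbatim from this report's extracted RedLine config
# and file hashes (the only values here that come from the original page).
C2_HOST = "185.189.167.123"
C2_PORT = 37360
BOTNET = "@merlinholy"
AUTH_VALUE = "9c36b63cccb3eade62bdc17519c7bd37"
SAMPLE_HASHES = {
    "md5": "8bb94e79898429bd6ae438b7c679e88d",
    "sha1": "2ea4fa7a9dfbb8d956e69c810ce6692efd82045e",
    "sha256": "9cb0123894725bbe0302fa1f1f7dd154dc2592f65081653a4f20cea36a9195dc",
}

# Constructed netflow-style log lines for the demo (not from the report).
# Format assumed: "ts src:sport -> dst:dport proto". The third line shares the
# C2 host but uses a different port; the last line is deliberately malformed.
SAMPLE_NETLOG = """\
2024-11-09T20:13:41Z 10.0.0.5:49812 -> 185.189.167.123:37360 TCP
2024-11-09T20:13:42Z 10.0.0.5:49813 -> 142.250.74.78:443 TCP
2024-11-09T20:14:03Z 10.0.0.7:51020 -> 185.189.167.123:80 TCP
2024-11-09T20:15:11Z 10.0.0.5:49990 -> 185.189.167.123:37360 TCP
this line does not parse
"""

# Constructed file inventory (path, algorithm, digest); the first and third
# entries reuse the report's hashes (one upper-cased), the second is a dummy.
SAMPLE_INVENTORY = [
    ("C:\\Users\\alice\\Downloads\\setup.exe", "sha256",
     "9CB0123894725BBE0302FA1F1F7DD154DC2592F65081653A4F20CEA36A9195DC"),
    ("C:\\Windows\\System32\\notepad.exe", "sha256", "a" * 64),
    ("C:\\Users\\bob\\Desktop\\crack.exe", "md5", "8bb94e79898429bd6ae438b7c679e88d"),
]

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s*->\s*"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<proto>\w+)"
)


def find_c2_connections(log_text, host=C2_HOST, port=C2_PORT):
    """Return one dict per flow to the C2 host, flagging whether the port matched too."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable lines are skipped, never treated as matches
        if m["dst"] != host:
            continue
        hits.append({
            "ts": m["ts"],
            "src": m["src"],
            "dport": int(m["dport"]),
            "exact": int(m["dport"]) == port,  # host+port match vs host-only match
        })
    return hits


def match_hashes(inventory, known=SAMPLE_HASHES):
    """Return paths whose digest equals any known hash, ignoring case and the algorithm label."""
    known_lower = {v.lower() for v in known.values()}
    return [path for path, _algo, digest in inventory if digest.lower() in known_lower]


def suricata_rule(sid, host=C2_HOST, port=C2_PORT, botnet=BOTNET):
    """Build a Suricata alert rule for outbound traffic to the extracted C2.

    The sid is an assumed local value; use one from your own reserved range.
    """
    return (
        f"alert tcp $HOME_NET any -> {host} {port} "
        f'(msg:"RedLine C2 {botnet} {host}:{port}"; '
        f"flow:to_server,established; classtype:trojan-activity; sid:{sid}; rev:1;)"
    )


if __name__ == "__main__":
    for hit in find_c2_connections(SAMPLE_NETLOG):
        kind = "C2 host+port" if hit["exact"] else "C2 host, other port"
        print(f'{hit["ts"]} {hit["src"]} -> :{hit["dport"]}  [{kind}]')
    print("hash matches:", match_hashes(SAMPLE_INVENTORY))
    print(suricata_rule(9000001))
```

Host-only hits are reported separately rather than dropped because a stealer panel can be reconfigured to listen on another port while keeping the same address. The hash match only catches this exact build; a repacked sample produces new digests, so the C2 endpoint, botnet name and auth_value from the extracted config are the more durable values to pivot on across other reports.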

Targets

    • Target

      9cb0123894725bbe0302fa1f1f7dd154dc2592f65081653a4f20cea36a9195dc

    • Size

      1.9MB

    • MD5

      8bb94e79898429bd6ae438b7c679e88d

    • SHA1

      2ea4fa7a9dfbb8d956e69c810ce6692efd82045e

    • SHA256

      9cb0123894725bbe0302fa1f1f7dd154dc2592f65081653a4f20cea36a9195dc

    • SHA512

      d8f6dda1aac7e989f7ebaefca16bd2f95dd739d6200f1b3e276cf9bfd00c2cc50fc65564d802861641e48191dff4d53121488bdd96e45dd653c61b703cfbdfe6

    • SSDEEP

      49152:e06m7NpA0GNJ/lU+zJwZjvjcpT+gDEvTqb8Td/pP6F:eA7UJ/5zGZjvjcQgGqYJ

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020. It harvests saved browser credentials, cookies, autofill data and cryptocurrency wallet files from the infected host and sends them to the C2 endpoint carried in its embedded configuration, which is the config extracted above.

    • RedLine payload

    • Redline family

    • Suspicious use of SetThreadContext (the sample rewrites the thread context of another process, the pattern behind process hollowing and related injection techniques)

MITRE ATT&CK Enterprise v15

Tasks