General

  • Target

    218b9377914acc562ca8ccad9a110b3b939e5c4982f6c64beb292d64d73f9596

  • Size

    390KB

  • Sample

    241109-xtn9wasrcr

  • MD5

    9f822d1c2518aa50dd8c38face37ee70

  • SHA1

    fecd363717dcf0c3738221bdf7743f964922c620

  • SHA256

    218b9377914acc562ca8ccad9a110b3b939e5c4982f6c64beb292d64d73f9596

  • SHA512

    20a1af60f7a731b189890c9934709d1ce75067d8b0665692c97380e738a29cded3907c1de57df549a05d67003902c0218be415e116c6c17d55f809f96c241d74

  • SSDEEP

    12288:QQtVZJp0BG3x85VKFr+IG8jLyR5DgBGdDEJ/BCi:lhJ3Rp

Malware Config

Extracted

Family

redline

Botnet

0988765

C2

93.115.20.139:28978

Attributes

  • auth_value

    834c1ab8c6df85027b5cf1579537b485
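The extracted configuration above gives a responder three concrete indicators: the file digests listed in the report, the C2 socket 93.115.20.139:28978, and the botnet ID / auth_value pair, which identifies the operator's build rather than the infrastructure and is mainly useful for clustering related samples. The Python below is an added example, not part of the original report or of any sandbox tooling; it turns the indicators into two checks a practitioner can run offline: confirm that a file on disk is this exact sample, and scan firewall log lines for connections to the C2 endpoint. The log format and the sample log lines are constructed for the example.

```python
"""Turn the extracted RedLine config into checks a responder can run."""
import hashlib
import re
from typing import Dict, Iterable, List

# Indicator values copied from the report above; the dict itself is constructed here.
REPORT = {
    "md5": "9f822d1c2518aa50dd8c38face37ee70",
    "sha1": "fecd363717dcf0c3738221bdf7743f964922c620",
    "sha256": "218b9377914acc562ca8ccad9a110b3b939e5c4982f6c64beb292d64d73f9596",
    "c2_host": "93.115.20.139",
    "c2_port": 28978,
    "botnet": "0988765",
    "auth_value": "834c1ab8c6df85027b5cf1579537b485",
}
HASH_ALGOS = ("md5", "sha1", "sha256")


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Compute the digests the report lists, in one pass over the data."""
    hashers = {algo: hashlib.new(algo) for algo in HASH_ALGOS}
    for h in hashers.values():
        h.update(data)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Same digests as hash_bytes, streamed so a large sample never sits in memory."""
    hashers = {algo: hashlib.new(algo) for algo in HASH_ALGOS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def is_reported_sample(hashes: Dict[str, str], report: dict = REPORT) -> bool:
    """True only if every listed digest matches; one mismatch means a different file."""
    return all(hashes.get(algo, "").lower() == report[algo] for algo in HASH_ALGOS)


# Hypothetical firewall log format, constructed for this example:
#   <ts> <action> src=<ip>:<port> dst=<ip>:<port> proto=<tcp|udp>
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>\w+)\s+src=(?P<src>[\d.]+):(?P<sport>\d+)\s+"
    r"dst=(?P<dst>[\d.]+):(?P<dport>\d+)\s+proto=(?P<proto>\w+)"
)


def find_c2_connections(lines: Iterable[str], report: dict = REPORT) -> List[Dict[str, str]]:
    """Return parsed log lines whose destination is the extracted C2 host AND port.

    The port is part of the indicator: a shared IP may serve unrelated traffic
    on other ports, so host-only matching would over-report.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # lines that don't fit the format are skipped, not treated as hits
        if m["dst"] == report["c2_host"] and int(m["dport"]) == report["c2_port"]:
            hits.append(m.groupdict())
    return hits


# Constructed sample log: two beacons to the C2 socket, one unrelated connection,
# one connection to the C2 host on a different port, and one unparseable line.
SAMPLE_LOG = [
    "2024-11-09T14:02:11Z allow src=10.0.0.23:51234 dst=93.115.20.139:28978 proto=tcp",
    "2024-11-09T14:02:12Z allow src=10.0.0.23:51235 dst=203.0.113.10:443 proto=tcp",
    "2024-11-09T14:02:40Z allow src=10.0.0.23:51236 dst=93.115.20.139:443 proto=tcp",
    "2024-11-09T14:07:11Z deny  src=10.0.0.23:51240 dst=93.115.20.139:28978 proto=tcp",
    "malformed line that should be skipped",
]

if __name__ == "__main__":
    for hit in find_c2_connections(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['action']} {hit['src']}:{hit['sport']} -> C2")
```

Run `hash_file(path)` on a suspect file and pass the result to `is_reported_sample`; a partial match (say MD5 only) should be treated as a different file, since the report lists all digests for one artifact. The port-443 line to the same host is deliberately not flagged: if you want to block the host outright, do that as a separate decision rather than by widening the C2 indicator.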

Targets

    • Target

      218b9377914acc562ca8ccad9a110b3b939e5c4982f6c64beb292d64d73f9596

    • Size

      390KB

    • MD5

      9f822d1c2518aa50dd8c38face37ee70

    • SHA1

      fecd363717dcf0c3738221bdf7743f964922c620

    • SHA256

      218b9377914acc562ca8ccad9a110b3b939e5c4982f6c64beb292d64d73f9596

    • SHA512

      20a1af60f7a731b189890c9934709d1ce75067d8b0665692c97380e738a29cded3907c1de57df549a05d67003902c0218be415e116c6c17d55f809f96c241d74

    • SSDEEP

      12288:QQtVZJp0BG3x85VKFr+IG8jLyR5DgBGdDEJ/BCi:lhJ3Rp

    • RedLine

RedLine Stealer is an information-stealing malware family written in C# (.NET) that first appeared in early 2020. It harvests saved browser credentials, cookies, autofill data and cryptocurrency wallet files and sends them to the configured C2; the botnet ID and auth_value extracted above identify the build rather than the victim.

    • RedLine payload

    • Redline family

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks