General

  • Target

    e4f22fce8bdeb8c1b6189ba8373d5887b366e5ad73bdad1b9b7b9344b6e8894d

  • Size

    723KB

  • Sample

    241109-xvndzazgnq

  • MD5

    9222098c72af29bb782cfec2a6d5bb3b

  • SHA1

    a5f08d1fcf2b5824d6ca7a0ccf8600129130680a

  • SHA256

    e4f22fce8bdeb8c1b6189ba8373d5887b366e5ad73bdad1b9b7b9344b6e8894d

  • SHA512

    85f59d2da6aa3ad294fb2ef6137258cc6a0ddc05be8ec2f3559348ade49e88d84bd441d804b8a7ad5afa2a1894732b67b93de6df32bce541d881abb951595ef1

  • SSDEEP

    12288:zQfr26UZpkBqzSsQBmUQEI2yEicJZv7EWZ0ehSFjKiVpuaUiazGYuuwRlSepRijd:zQfrxUZpkBqB/Ei+ZzEWZzyKn+wsq

Malware Config

Extracted

Family

redline

Botnet

Google2

C2

167.235.71.14:20469

Attributes
  • auth_value

    fb274d9691235ba015830da570a13578
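The indicators in the General and Malware Config sections above are only useful once they are checked against something. The following script is an added example, not part of the sandbox report or the tria.ge tooling: it verifies a file on disk against the MD5/SHA1/SHA256 listed for this sample and hunts for the extracted C2 socket in connection logs. The log lines are constructed for the example and only mimic a subset of Zeek `conn.log` columns (ts, uid, orig_h, orig_p, resp_h, resp_p, proto); the `any_port` switch is an assumption about how an analyst would widen the match, not something the report states.

```python
"""Check a file against the report's hashes and hunt for the RedLine C2 in connection logs.

Added example; not part of the sandbox report. The log lines below are
constructed and mimic only a subset of Zeek conn.log columns.
"""
import hashlib

# Indicators copied verbatim from the report's General / Malware Config sections.
REPORT = {
    "family": "redline",
    "botnet": "Google2",
    "c2": "167.235.71.14:20469",
    "auth_value": "fb274d9691235ba015830da570a13578",
    "md5": "9222098c72af29bb782cfec2a6d5bb3b",
    "sha1": "a5f08d1fcf2b5824d6ca7a0ccf8600129130680a",
    "sha256": "e4f22fce8bdeb8c1b6189ba8373d5887b366e5ad73bdad1b9b7b9344b6e8894d",
}


def file_hashes(data: bytes) -> dict:
    """Return lowercase hex MD5/SHA1/SHA256 of the given bytes."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report(data: bytes) -> dict:
    """Compare each hash the report lists against the file; a real match agrees on all three."""
    h = file_hashes(data)
    return {name: h[name] == REPORT[name].lower() for name in ("md5", "sha1", "sha256")}


def parse_c2(c2: str) -> tuple:
    """Split the report's 'ip:port' C2 string into (ip, port)."""
    host, _, port = c2.rpartition(":")
    return host, int(port)


# Constructed conn.log-style lines: ts, uid, orig_h, orig_p, resp_h, resp_p, proto.
# Two hosts talk to the exact C2 socket; a fourth line hits the same IP on 443.
SAMPLE_CONN_LOG = """\
1731173000.123\tCAbC1\t10.0.0.15\t49812\t167.235.71.14\t20469\ttcp
1731173001.456\tCAbC2\t10.0.0.15\t51234\t142.250.74.78\t443\ttcp
1731173002.789\tCAbC3\t10.0.0.22\t49900\t167.235.71.14\t20469\ttcp
1731173003.000\tCAbC4\t10.0.0.22\t50001\t167.235.71.14\t443\ttcp
"""


def find_c2_connections(log_text: str, c2: str = REPORT["c2"], any_port: bool = False) -> list:
    """Return (ts, orig_h, resp_p) tuples for connections to the C2.

    any_port=False matches only the exact ip:port from the extracted config.
    any_port=True (an assumed widening, not from the report) matches the IP on
    any port: catches rebuilt samples with a changed port, noisier on shared IPs.
    """
    host, port = parse_c2(c2)
    hits = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) < 7:
            continue
        ts, _uid, orig_h, _orig_p, resp_h, resp_p, _proto = fields[:7]
        if resp_h == host and (any_port or int(resp_p) == port):
            hits.append((ts, orig_h, int(resp_p)))
    return hits


if __name__ == "__main__":
    import sys

    # Optional: python check_redline.py <file> verifies the file against the report hashes.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            print(matches_report(f.read()))
    for hit in find_c2_connections(SAMPLE_CONN_LOG):
        print("C2 contact:", hit)
```

Run it against a real `conn.log` by feeding the file contents to `find_c2_connections`; with the constructed log it reports the two exact-socket contacts, and `any_port=True` adds the third line on port 443. Hash verification is deliberately all-or-nothing: a file that matches MD5 but not SHA256 is not this sample.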

Targets

    • Target

      e4f22fce8bdeb8c1b6189ba8373d5887b366e5ad73bdad1b9b7b9344b6e8894d

    • Size

      723KB

    • MD5

      9222098c72af29bb782cfec2a6d5bb3b

    • SHA1

      a5f08d1fcf2b5824d6ca7a0ccf8600129130680a

    • SHA256

      e4f22fce8bdeb8c1b6189ba8373d5887b366e5ad73bdad1b9b7b9344b6e8894d

    • SHA512

      85f59d2da6aa3ad294fb2ef6137258cc6a0ddc05be8ec2f3559348ade49e88d84bd441d804b8a7ad5afa2a1894732b67b93de6df32bce541d881abb951595ef1

    • SSDEEP

      12288:zQfr26UZpkBqzSsQBmUQEI2yEicJZv7EWZ0ehSFjKiVpuaUiazGYuuwRlSepRijd:zQfrxUZpkBqB/Ei+ZzEWZzyKn+wsq

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks