General

  • Target

    18cc5b072b4e0e2776efc2a629ffde2a

  • Size

    148KB

  • Sample

    241109-y19pts1fpc

  • MD5

    18cc5b072b4e0e2776efc2a629ffde2a

  • SHA1

    bfff213e4e61e12c395b945406f8f8a7eca32e24

  • SHA256

    4d69923a19bf71456cec95773df6618eb226c7522eff306a0fb117fda137f2c3

  • SHA512

    e3dad34f1adff80d6e174680d788b127ca042d95ecbf5bdff8d43cc1a6bf6e28b0280fb74824d13ec2670e96b64921c1f8e3849ea20153891c8de8a7b51c45ed

  • SSDEEP

    3072:5EyCHi6sTGyqOOft/rlJkjxtGXuvcSwnvehxACDHUBHpJFUh:Cygqi8UDaja+kJvMxXDHsJFUh

Malware Config

Extracted

  • Family

    redline

  • Botnet

    same

  • C2

    116.202.106.111:9582

  • Attributes

    • auth_value

      6fcb28e68ce71e9cfc2aae3ba5e92f33

Targets

    • Target

      6246f7af345ac_Fri13b7f06884.bin

    • Size

      315KB

    • MD5

      84e9047be9d225a784b8855640a6d034

    • SHA1

      deadecb0340b58236fd4e6127b0a545c47e7393e

    • SHA256

      40fd6365f236050b75bd96ad7cab07c6b6875ce2c76016499bed58e5a27ef0de

    • SHA512

      8a721f423f61504bf0de5acedf37a5e48d8f8e7d74a547f1865904e168622a075d64f1bb7b2aa8f150a0eb0d1e035d342d5268b4ab460c18713ce6425330da50

    • SSDEEP

      3072:Lz3BD0gFqkBzwLlTTff4O56JYgdH9/8q61in7TiMFQbGDDMxj2fFkaUNsxed9+Rv:LNsJA/8q6AXHDvuHr3OslF3ZvJsI

    • RedLine

      RedLine Stealer is an information-stealing malware family written in C# (.NET), first observed in early 2020; it harvests browser credentials, cookies, cryptocurrency wallet data and host information and exfiltrates them to its configured C2.

    • RedLine payload

    • Redline family

    • Suspicious use of SetThreadContext (thread-context hijacking, a technique commonly used for process hollowing and other process injection)
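Two checks a practitioner would run against a report like this one: confirm that the file in hand really is the sample the report describes by recomputing every listed digest (pinning on SHA-256/SHA-512, not MD5 alone), and turn the extracted RedLine config (C2 host:port, botnet id, auth_value) into indicators that can be blocked or hunted for. The following is an added example written for this page, not code from Triage or from the RedLine authors. The hash values and config strings are copied from the report above; the sample itself is not included, so the bytes fed to the functions in any run are constructed stand-ins, and the Suricata `sid` is a placeholder to be replaced with one from your local rule range.

```python
"""Consume a sandbox report: verify sample identity and derive IOCs.

Added example (not the report's or Triage's code). Hashes and config
values below are copied from the report; the sample bytes are not
included here, so callers supply their own file or constructed data.
"""
import hashlib
import ipaddress
import sys

# Hashes copied from the report's "Targets" entry for the dropped file.
REPORT_TARGET_HASHES = {
    "md5": "84e9047be9d225a784b8855640a6d034",
    "sha1": "deadecb0340b58236fd4e6127b0a545c47e7393e",
    "sha256": "40fd6365f236050b75bd96ad7cab07c6b6875ce2c76016499bed58e5a27ef0de",
    "sha512": "8a721f423f61504bf0de5acedf37a5e48d8f8e7d74a547f1865904e168622a075d64f1bb7b2aa8f150a0eb0d1e035d342d5268b4ab460c18713ce6425330da50",
}

# Extracted config copied from the report's "Malware Config" section.
REPORT_CONFIG = {
    "family": "redline",
    "botnet": "same",
    "c2": "116.202.106.111:9582",
    "auth_value": "6fcb28e68ce71e9cfc2aae3ba5e92f33",
}


def file_hashes(data: bytes) -> dict:
    """Return md5/sha1/sha256/sha512 hex digests of data, keyed like the report."""
    return {
        name: hashlib.new(name, data).hexdigest()
        for name in ("md5", "sha1", "sha256", "sha512")
    }


def hash_mismatches(data: bytes, expected: dict) -> list:
    """Return the names of every digest in `expected` that `data` does not match.

    All listed digests are compared, not just MD5: MD5 and SHA-1 collisions
    are practical, so a match on those alone does not identify the sample.
    """
    actual = file_hashes(data)
    return [
        name for name, digest in expected.items()
        if name in actual and actual[name] != digest.lower()
    ]


def parse_c2(c2: str) -> tuple:
    """Split a 'host:port' C2 string into (host, port), validating the port.

    Uses rpartition so a bracketed IPv6 literal such as '[2001:db8::1]:443'
    still splits on the last colon; the brackets are then stripped.
    """
    host, _, port = c2.rpartition(":")
    host = host.strip("[]")
    if not host or not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError(f"malformed C2 string: {c2!r}")
    return host, int(port)


def c2_is_public_ip(host: str) -> bool:
    """True when host is a literal, globally routable IPv4/IPv6 address."""
    try:
        return ipaddress.ip_address(host).is_global
    except ValueError:
        return False  # a hostname rather than an IP literal


def suricata_rule(config: dict, sid: int) -> str:
    """Build a Suricata rule alerting on outbound TCP to the extracted C2.

    `sid` is a placeholder (assumption): choose one from your local range.
    """
    host, port = parse_c2(config["c2"])
    return (
        f"alert tcp $HOME_NET any -> {host} {port} "
        f'(msg:"{config["family"]} C2 connection (botnet {config["botnet"]})"; '
        f"flow:to_server; classtype:trojan-activity; sid:{sid}; rev:1;)"
    )


if __name__ == "__main__":
    # Usage: python report_iocs.py <path-to-sample>
    with open(sys.argv[1], "rb") as fh:
        sample = fh.read()
    bad = hash_mismatches(sample, REPORT_TARGET_HASHES)
    print("hash check:", "OK" if not bad else f"MISMATCH on {', '.join(bad)}")
    host, port = parse_c2(REPORT_CONFIG["c2"])
    print(f"C2 {host}:{port} public IP literal: {c2_is_public_ip(host)}")
    print(suricata_rule(REPORT_CONFIG, sid=1000001))
```

Run it against the dropped file before unpacking or debugging anything; if any digest mismatches, the report does not describe the file you have. The `auth_value` is RedLine's per-build authorization key and is kept in `REPORT_CONFIG` so it can be pivoted on (other samples sharing it belong to the same operator build), but it is not a network-observable indicator and is deliberately not placed in the rule.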

MITRE ATT&CK Enterprise v15

Tasks