General

  • Target

    b3dbaac1d97a60a6134ea0a30ebbd12356ee41bd940d652f9fd0648f654f360d

  • Size

    9.1MB

  • Sample

    241109-y58cka1glm

  • MD5

    f7b955d763cc1826220937fb4f029395

  • SHA1

    0cbf104568d2c5ae3732ab2e22617c26636b1da8

  • SHA256

    b3dbaac1d97a60a6134ea0a30ebbd12356ee41bd940d652f9fd0648f654f360d

  • SHA512

    41a995df1f077bc7288ddf8e2d6f00fc638882f34b1594c1c6032af07bc62ccb0cf46c3f96e7da1701a5d111c6be1cd803473c8ba1df88d01e7bc993afaae3bd

  • SSDEEP

    196608:WTAQPJC79VHabA7WT8N1BxYS7FQiJkDxc7NhltGsLHX7qgQcBTTH:rQPJqPsA7E8RxYE+iJu+7NhJL+gFH

Malware Config

Extracted

Family

redline

Botnet

@dxpex

C2

185.11.73.34:18717

Attributes
  • auth_value

    7d71dc2486a2f78d8097fa5a22e9ed30

Targets

    • Target

      setup.exe

    • Size

      600KB

    • MD5

      52be306b77fc18e2db2ad3ec7d08f008

    • SHA1

      4d75fe2be99acd65d3276be87f553aa54457d38c

    • SHA256

      0597ad3f1805bbfaf14910f21aa830c489ec9fe2876407e3cbb24f60b364acd4

    • SHA512

      7b2d464c1fd823f0fb65d28ebb9d2d660af3d55e14eb5bb21672be558d6ddd5ba2efba20a1eb0832a7b179cac8376972552bee831dc621e9a02b19b6fc1b9177

    • SSDEEP

      12288:9zpAD4jTzVbgoJ6k/P2RNlZGzQS03ULaHNqrxlKIQNoxcd/BlZk8gKt:9Vq47VbXZ/ORvZGzkEaHNYK3Mcd5lgu

    • RedLine

      RedLine Stealer is an information-stealing malware family written in C# that first appeared in early 2020.

    • RedLine payload

    • Redline family

    • Suspicious use of SetThreadContext (a common sign of process hollowing: a loader overwrites a suspended process's image and repoints its main thread before resuming it)
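One way to act on the indicators in this report, as an added example that is not part of the sandbox output: the script below matches a file inventory against the two SHA-256 values listed above and flags connections to the extracted C2 (185.11.73.34:18717). The inventory entries, the log lines and the connection-log format are constructed for the demonstration, and the function names are assumptions; only the hashes, the C2 host:port and the botnet ID come from the report.

```python
"""Operationalise the indicators from the report above: SHA-256 matching
against a file inventory and a C2 hit check over connection logs.

Added example, not part of the sandbox report. Only the hash values, the
C2 host:port and the botnet ID come from the report; the inventory and
log lines below are constructed for the demonstration.
"""
import hashlib
import re

# Indicators taken from the report.
C2_HOST = "185.11.73.34"
C2_PORT = 18717
BOTNET_ID = "@dxpex"  # RedLine config "Botnet" field; ties hits to this campaign
KNOWN_SHA256 = {
    "b3dbaac1d97a60a6134ea0a30ebbd12356ee41bd940d652f9fd0648f654f360d": "submitted archive (9.1MB)",
    "0597ad3f1805bbfaf14910f21aa830c489ec9fe2876407e3cbb24f60b364acd4": "setup.exe (RedLine payload, 600KB)",
}


def sha256_hex(data: bytes) -> str:
    """SHA-256 of a byte string as lowercase hex, the form the report uses."""
    return hashlib.sha256(data).hexdigest()


def match_inventory(inventory: dict) -> list:
    """inventory maps path -> SHA-256 string (e.g. from an EDR file listing).
    Hashes are normalised so an upper-case or whitespace-padded value still
    matches. Returns (path, description) for every known-bad hash found."""
    hits = []
    for path, digest in inventory.items():
        norm = digest.strip().lower()
        if norm in KNOWN_SHA256:
            hits.append((path, KNOWN_SHA256[norm]))
    return hits


# Connection-log shape assumed for the demo (hypothetical format):
#   <timestamp> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <proto>
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+)\s*->\s*"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)"
)


def find_c2_hits(lines) -> list:
    """Flag connections to the extracted C2.
    'exact' = host and port match the config; 'host_only' = same host on a
    different port, worth a look (panels get re-hosted and re-ported) but
    a weaker signal than the full host:port pair."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["dst"] != C2_HOST:
            continue
        dport = int(m["dport"])
        hits.append({
            "ts": m["ts"],
            "src": m["src"],
            "dport": dport,
            "confidence": "exact" if dport == C2_PORT else "host_only",
        })
    return hits


if __name__ == "__main__":
    # Constructed inventory: one path carries the report's setup.exe hash.
    inventory = {
        r"C:\Users\alice\Downloads\setup.exe": "0597AD3F1805BBFAF14910F21AA830C489EC9FE2876407E3CBB24F60B364ACD4",
        r"C:\Windows\System32\notepad.exe": sha256_hex(b"not the sample"),
    }
    for path, what in match_inventory(inventory):
        print(f"HASH HIT {path}: {what} [{BOTNET_ID}]")

    # Constructed log lines: one exact C2 hit, one same-host/other-port, one benign.
    logs = [
        "2024-11-09T12:00:01Z 10.0.0.5:49812 -> 185.11.73.34:18717 tcp",
        "2024-11-09T12:00:09Z 10.0.0.7:49911 -> 185.11.73.34:443 tcp",
        "2024-11-09T12:01:00Z 10.0.0.5:49913 -> 93.184.216.34:443 tcp",
    ]
    for hit in find_c2_hits(logs):
        print(f"C2 {hit['confidence']}: {hit['src']} -> port {hit['dport']} at {hit['ts']}")
```

The hash match is the stronger indicator: a RedLine panel can be moved to a new host or port without touching the payload, so treat a host-only network hit as a lead to confirm rather than a verdict, and pair any block on the C2 with a hunt for the SHA-256 values on endpoints.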

MITRE ATT&CK Enterprise v15

Tasks