General

  • Target

    122f853e53f32ac56bc697d8bcba72f4ee52d787

  • Size

    2.7MB

  • Sample

    241109-y7kdhstrfk

  • MD5

    afee1b67854c6b4c31680c08d05bb663

  • SHA1

    122f853e53f32ac56bc697d8bcba72f4ee52d787

  • SHA256

    2d1122f001cf4d85e5bb23a9ccaecd2abd658b472e78ce1cd70ffeef970a9c81

  • SHA512

    b488afca7177493c418fb7debf6f3f5ed81732e6c968441715b728697cd6293df2ea253758f3320208fce5c90bfca18ee01a548aa128031ffb43b71d019f134d

  • SSDEEP

    49152:UVthL/508oXLrEf6l4mOgW++3EcT65XUzXbrJ2LPaRv+HbMsPRDSVKS9xn+sn:IthZ6sf6l4mk/6yzLrcoiM0p4dxnd

Malware Config

Extracted

  • Family

    redline

  • Botnet

    shadow

  • C2

    77.73.134.5:30812

  • Attributes

    • auth_value

      2179453466993e7da14c43ccb5c99ef2

Targets

    • Target

      Sketches characters/whiterow.pif

    • Size

      706.0MB

    • MD5

      6ac54d8da3010a73e5673017b0a36ad1

    • SHA1

      19be844eda2a9ef3b03a6d8d355bcfb3b06ab98b

    • SHA256

      6b02a6d9732182ca8bf65a509aadb6923b42bb5a245225c94e64041e044c3332

    • SHA512

      a1fc391d33ec7f3e94c2acaaf40ea8cbc010f711de1b67abaa70f0beb57f13bbfe1b1ae8cc3509cf5bad6db1ed3675ddfb592d08b743ab398d6abdf3d6724dec

    • SSDEEP

      6144:xbQsfR/mRwBGV+XUYt8dFtIiw0fSH79Cju0c:xbz/mRZ+ELKiw0qH79Cjuz

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks