General

  • Target

    3bca0ff7de86237784fe73ccb19efd68

  • Size

    245KB

  • Sample

    241109-yevnsa1bnl

  • MD5

    3bca0ff7de86237784fe73ccb19efd68

  • SHA1

    b4802e645c79ff4a634cd2e0f4fcca68505a50e4

  • SHA256

    946c1c27ded39010c0fbfbbc97c7b49f6b4cfd97fcaabedd03faf6ba8125cec5

  • SHA512

    f5569c8675340bc12a72b676bfa82c10d5ce78d0e9c20b1a47fc7a48c9a32ab4c4159749ed9ca0dc4ab64d466032e705c294cc6ca4d2ae527b3810832f00f36f

  • SSDEEP

    6144:5Vrfu8hHsQUHWUjcdapymMB3B5S6BQCFFOO3L+JEIhYK:ti2zdaYKCFFhDdK

Malware Config

Extracted

Family

redline

Botnet

ghost

C2

104.37.174.31:27620

Attributes
  • auth_value

    1d44e9a3b9adc75d1064fce70c099dc7
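The extracted C2 above is the one value in this config that is directly usable for network detection. The following is an added example, not part of the sandbox report or the RedLine sample, that matches that C2 against a constructed Zeek-style conn.log excerpt: an exact host:port match is reported at high confidence, while a flow to the same address on another port is reported at low confidence, since hosting IPs are shared and reused and the port is what ties a flow to this particular config. The log lines, the host names and the field order (ts, uid, source, source port, destination, destination port, proto) are assumptions made for illustration.

```python
"""Match the C2 from the extracted config against network telemetry.

Added example for this page, not part of the sandbox report or the
RedLine sample. The C2 value is copied from the report; the conn.log
rows below are constructed for illustration, not real traffic.
"""
from dataclasses import dataclass

# From the extracted config: C2 104.37.174.31:27620 (family redline, botnet ghost).
C2_HOST = "104.37.174.31"
C2_PORT = 27620

# Constructed, whitespace-separated Zeek-style conn.log excerpt
# (fields: ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto).
# Includes a header row and two malformed rows to exercise the parser.
CONN_LOG = """\
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto
1731190000.123456 CkXy1 10.0.0.15 49812 104.37.174.31 27620 tcp
1731190001.000000 CkXy2 10.0.0.15 49813 142.250.74.36 443 tcp
1731190002.500000 CkXy3 10.0.0.22 51000 104.37.174.31 80 tcp
this line is malformed and must be skipped
short row
1731190004.000000 CkXy5 10.0.0.31 50222 104.37.174.31 27620 tcp
"""


@dataclass(frozen=True)
class Hit:
    uid: str
    src: str
    dst: str
    dport: int
    confidence: str  # "high" = host and port match, "low" = host only


def parse_conn_line(line: str):
    """Return (uid, src, dst, dport) for one conn.log row.

    Header/comment rows (starting with '#') and rows that are too short
    or carry a non-numeric port are skipped by returning None.
    """
    if not line or line.startswith("#"):
        return None
    fields = line.split()
    if len(fields) < 7:
        return None
    try:
        return fields[1], fields[2], fields[4], int(fields[5])
    except ValueError:
        return None


def find_c2_connections(log_text: str, host: str = C2_HOST, port: int = C2_PORT):
    """Flag every flow whose responder is the extracted C2 host.

    Exact host:port matches are "high" confidence; same host on another
    port is "low" confidence and should be triaged, not auto-escalated.
    """
    hits = []
    for line in log_text.splitlines():
        parsed = parse_conn_line(line)
        if parsed is None:
            continue
        uid, src, dst, dport = parsed
        if dst != host:
            continue
        confidence = "high" if dport == port else "low"
        hits.append(Hit(uid, src, dst, dport, confidence))
    return hits


def infected_hosts(log_text: str):
    """Sorted originator addresses with at least one high-confidence C2 flow."""
    return sorted({h.src for h in find_c2_connections(log_text)
                   if h.confidence == "high"})


if __name__ == "__main__":
    for hit in find_c2_connections(CONN_LOG):
        print(f"{hit.confidence:4} {hit.uid} {hit.src} -> {hit.dst}:{hit.dport}")
    print("hosts with high-confidence C2 traffic:", infected_hosts(CONN_LOG))
```

Run against the constructed excerpt, the two flows to 104.37.174.31:27620 are reported at high confidence and the flow to port 80 on the same address at low confidence; both malformed rows and the header are ignored. Pair the network match with the file hashes listed on this page when confirming that a host actually ran this sample rather than merely contacting a shared IP.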

Targets

    • Target

      3eac5bbdfde1725766ce68a53713f9977789dfc8f3890f5fd9ef9c622ea13a05.exe

    • Size

      303KB

    • MD5

      ff210196de802f86a76c7cb3d4e3d740

    • SHA1

      106aae4600eaa56937a1d94b8f90cc6b8d6b5f55

    • SHA256

      3eac5bbdfde1725766ce68a53713f9977789dfc8f3890f5fd9ef9c622ea13a05

    • SHA512

      0f52fe35266f07f8b8edcef77022d1a27dcb0855f3189cc5a6fff3d7fa8cc87eae3b91952c8e8dce880664c81a8f638a987ae73646b30d8bedefe58835005683

    • SSDEEP

      6144:Au4LuhYvmLIJQAxdE26tjacB6RH7IzvfQzcGPFhtzFAkU:A366OMJQb26pa06RH76fuzd

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

MITRE ATT&CK Enterprise v15

Tasks