General

  • Target

    6f89400fec4650df06752dd42288a1a3e231e0b4

  • Size

    301KB

  • Sample

    241109-yjp9vstmdm

  • MD5

    23ff76d397a0f9ed441b63a21f879a14

  • SHA1

    6f89400fec4650df06752dd42288a1a3e231e0b4

  • SHA256

    ab775442208874566eeb6aa864c71e6328a683925b51ab87ee5539437979d6fb

  • SHA512

    75506892a486046c9a60229bd327aa628c343b21fb8b85659d113c04d3ad54eb4f6c219686b69813a90b04df8b56e82064f78af9b621be72a024e40c6544e481

  • SSDEEP

    6144:S9oAdBhXnbCib7zW7hAOltIcT+oxAxUp401zA5ZNo:SGAdB94NqctKaVm57o

Malware Config

Extracted

  • Family

    redline

  • Botnet

    9-5

  • C2

    139.99.32.83:43199

  • Attributes

    auth_value: 637de2b47f42d9cc7912f71cb6b57b5b

Targets

    • Target

      6f89400fec4650df06752dd42288a1a3e231e0b4

    • Size

      301KB

    • MD5

      23ff76d397a0f9ed441b63a21f879a14

    • SHA1

      6f89400fec4650df06752dd42288a1a3e231e0b4

    • SHA256

      ab775442208874566eeb6aa864c71e6328a683925b51ab87ee5539437979d6fb

    • SHA512

      75506892a486046c9a60229bd327aa628c343b21fb8b85659d113c04d3ad54eb4f6c219686b69813a90b04df8b56e82064f78af9b621be72a024e40c6544e481

    • SSDEEP

      6144:S9oAdBhXnbCib7zW7hAOltIcT+oxAxUp401zA5ZNo:SGAdB94NqctKaVm57o

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Suspicious use of SetThreadContext
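The following is an added example, not part of the Triage report or the analysis tooling it was produced with. It turns the indicators listed above (the three file digests and the extracted C2 socket) into a small offline matcher: one function hashes a blob and requires all three digests to agree before declaring a match, the other scans connection records for the C2. The log lines are constructed to resemble Zeek conn.log columns (ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto) and are not a real capture; the column order is an assumption about the log source, not something the report states.

```python
"""Offline IOC matcher built from the RedLine report above.

Added example; the indicators are copied from the report, the log
lines and the hashed blob are constructed for illustration.
"""
import hashlib
import ipaddress

# Indicators as listed in the report.
IOC_HASHES = {
    "md5": "23ff76d397a0f9ed441b63a21f879a14",
    "sha1": "6f89400fec4650df06752dd42288a1a3e231e0b4",
    "sha256": "ab775442208874566eeb6aa864c71e6328a683925b51ab87ee5539437979d6fb",
}
C2_HOST, C2_PORT = "139.99.32.83", 43199


def hash_bytes(data: bytes) -> dict:
    """Compute the same three digests the report lists for a blob."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report(data: bytes) -> bool:
    """True only when every listed digest agrees.

    Requiring all three avoids trusting an MD5-only comparison, which
    is collision-prone, while still using MD5 for reports that carry it.
    """
    return hash_bytes(data) == IOC_HASHES


def scan_conn_log(lines):
    """Return (orig_h, ts, kind) for flows towards the C2 host.

    kind is "socket" for an exact IP:port hit on the extracted C2 and
    "host" for other TCP flows to the same IP; stealer panels move
    ports, so a host-only hit is still worth a look. Column order is
    assumed to be Zeek conn.log (constructed input below).
    """
    hits = []
    for line in lines:
        if not line or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) < 7:
            continue
        ts, _uid, orig_h, _orig_p, resp_h, resp_p, proto = fields[:7]
        try:
            resp_ip = str(ipaddress.ip_address(resp_h))
        except ValueError:
            continue
        if proto != "tcp" or resp_ip != C2_HOST:
            continue
        kind = "socket" if int(resp_p) == C2_PORT else "host"
        hits.append((orig_h, ts, kind))
    return hits


# Constructed sample log in Zeek conn.log column order (not a real capture).
SAMPLE_CONN_LOG = [
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto",
    "1731139201.1\tC1a\t10.0.0.15\t51422\t139.99.32.83\t43199\ttcp",
    "1731139202.2\tC1b\t10.0.0.15\t51423\t1.1.1.1\t53\tudp",
    "1731139203.3\tC1c\t10.0.0.22\t49870\t139.99.32.83\t443\ttcp",
    "1731139204.4\tC1d\t10.0.0.31\t50001\t139.99.32.83\t43199\ttcp",
]

if __name__ == "__main__":
    for hit in scan_conn_log(SAMPLE_CONN_LOG):
        print(hit)
    # A constructed blob, so this reports False; hash the real sample to get True.
    print(matches_report(b"constructed placeholder, not the sample"))
```

Point `matches_report` at the bytes of a suspect file and feed `scan_conn_log` real conn.log lines (after confirming the column order of your sensor); the "host" hits are the ones to triage by hand, since the same server may front a second panel on another port.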

MITRE ATT&CK Enterprise v15

Tasks