General

  • Target

    3cda369a2f6c8eb0b26616906158f613ff5ab0351f7b0e55852fa3c29b8a25fe

  • Size

    1.8MB

  • Sample

    241109-yk91natmfq

  • MD5

    8aed70b8a3d23b792ae9a2c4c8ae402e

  • SHA1

    1f77909a2a843894eac7a6a174df0ffd2a3b6bd0

  • SHA256

    3cda369a2f6c8eb0b26616906158f613ff5ab0351f7b0e55852fa3c29b8a25fe

  • SHA512

    1c3807251d3e77b5d4fd1104f1e593bfececd505c9e10a4bb205d6725fad4bc6bddc0c2b2309bb9b8b2f6d8cd8530c924488f0849b0beaca7237b3489d5e69e5

  • SSDEEP

    49152:sXV6J6fD5bG8bAm/EoN6gbR5Az/wCd9FlP+Re:QVm6flRkwDAUCd/lPx

Malware Config

Extracted

Family

redline

Botnet

13fin

C2

45.15.156.217:9279

Attributes

  • auth_value

    1645d0b21b6f7323bae97845a7a835e2

Targets

    • Target

      fec0d6c1799c5cda897effd9e4b73dd74d82f7e034a87aea56c9851a0d167206

    • Size

      626.6MB

    • MD5

      e814d32708213c1c56d7d5e80093ceb4

    • SHA1

      8c205abcbcfbbe8afad42f5c85f6d3a503568c50

    • SHA256

      fec0d6c1799c5cda897effd9e4b73dd74d82f7e034a87aea56c9851a0d167206

    • SHA512

      cec475bb0004922b0a57ce82bc9cd701844f4e888fdf969c1ef8e592802b30f3652aa5c0a6f47913b0d5f93f2b083488fabd4457c1a16d0afbb1ae63d3d2c260

    • SSDEEP

      49152:Hh+ZkldoPK8Ya05pEswo/qCxAiXF+IKe:w2cPK80fqYAii

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks