General

  • Target

    f604e65cbd105abccf231728c40a6b4b7bb0057c2ca2d89a80d2dd2d0e23d265

  • Size

    9.7MB

  • Sample

    241109-ykql1szndw

  • MD5

    43d6cbd5ddad4fd1dfb14f1b95c49932

  • SHA1

    833ee898eaf9df9a8eb83713965e71de9719d32d

  • SHA256

    f604e65cbd105abccf231728c40a6b4b7bb0057c2ca2d89a80d2dd2d0e23d265

  • SHA512

    1c515b918adc7f99e4d7964da0f593e14ccd5c9f91462e8370752ddec2c84a438f805e5ec3ddf03689b85ee23f9f5d0025a5a24f49f49f85f1c66b9785bfbcfc

  • SSDEEP

    3072:SwDxgMzhr/MLZS2kLiXnJTvcYMocO+KPIQu679fE6fS1fms4R1N0dozjS8Tf6:XDWMzgC+rcwIQzxfLfS1fms4R1N0dg6

Malware Config

Extracted

  • Family

    redline

  • Botnet

    5674706393

  • C2

    116.203.87.254:44351

  • Attributes

    • auth_value

      b27ab0ff0ccdc42262da6a5541a1fda4

Targets

    • Target

      f604e65cbd105abccf231728c40a6b4b7bb0057c2ca2d89a80d2dd2d0e23d265

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks