General

  • Target

    906820c3da391aa6c0b53b44ba67a5fb

  • Size

    300KB

  • Sample

    241109-yl8h8a1cnq

  • MD5

    906820c3da391aa6c0b53b44ba67a5fb

  • SHA1

    3d65c9f4956890abf5d2ddd78dcf0206d285335c

  • SHA256

    d97cb558c1d67a532b0653c37656c2c70b5321e464a79b788bb8a0ea6c05e114

  • SHA512

    6166541d9924d0c4d4cf54e85c803de87cdd9f83eadb3ba286cafe5ad9bd6a2bc8406bbf17a74f701b6515bedf1388cc1f77a43d2a1481cce1f8a5c046bcca02

  • SSDEEP

    6144:GvxlVJyUAdJNAAK4rcnrAoABAOj7i+yEkiMP0+p57Z:GJlVJyUAj/cSBZ7LWrZ

Malware Config

Extracted

Family

redline

Botnet

nam5

C2

103.89.90.61:34589

Attributes
  • auth_value

    543e073674533e6c674abb1adba6e5c7
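The extracted config above gives one actionable network indicator (the C2 endpoint 103.89.90.61:34589). The following is an added example, not part of the sandbox report, showing how a detection engineer would turn it into a check: it scans Zeek-style conn.log records for connections to the C2 and emits a Suricata rule for it. The log lines are constructed, not real traffic; the Zeek column order (ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, ...) is Zeek's default and the Suricata sid is a placeholder to be replaced with a value from your own range.

```python
"""Added example (not part of the sandbox report): turn the extracted RedLine
config into a detection and run it over constructed Zeek conn.log lines."""
from dataclasses import dataclass

# Indicator copied from the report's Malware Config section (botnet "nam5").
REDLINE_C2 = {("103.89.90.61", 34589)}

# Constructed sample records, NOT real traffic. Assumption: Zeek's default
# conn.log column order (ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p,
# proto, service, duration, orig_bytes, resp_bytes, conn_state).
SAMPLE_CONN_LOG = """\
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\torig_bytes\tresp_bytes\tconn_state
1731178800.123456\tCabc1\t10.0.0.5\t49152\t103.89.90.61\t34589\ttcp\t-\t12.5\t640\t2048\tSF
1731178801.000000\tCabc2\t10.0.0.5\t49153\t93.184.216.34\t443\ttcp\tssl\t0.4\t1200\t5400\tSF
1731178802.000000\tCabc3\t10.0.0.7\t49154\t103.89.90.61\t80\ttcp\thttp\t0.1\t300\t900\tSF
"""


@dataclass(frozen=True)
class Hit:
    uid: str
    orig_h: str
    resp_h: str
    resp_p: int
    confidence: str  # "high" = ip:port match, "medium" = IP-only match


def match_conn_log(text: str, c2: set[tuple[str, int]] = REDLINE_C2) -> list[Hit]:
    """Return every connection whose responder matches a known C2 endpoint.

    An exact ip:port match is high confidence. A match on the IP alone is
    reported at medium confidence: stealer panels often move between ports,
    so an IP-only hit is worth triage but is not an automatic verdict.
    """
    c2_ips = {ip for ip, _ in c2}
    hits: list[Hit] = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue  # Zeek metadata lines (#fields, #types, #close, ...)
        cols = line.split("\t")
        if len(cols) < 6:
            continue  # malformed record; skip rather than crash the scan
        uid, orig_h, resp_h, resp_p = cols[1], cols[2], cols[4], int(cols[5])
        if (resp_h, resp_p) in c2:
            hits.append(Hit(uid, orig_h, resp_h, resp_p, "high"))
        elif resp_h in c2_ips:
            hits.append(Hit(uid, orig_h, resp_h, resp_p, "medium"))
    return hits


def suricata_rule(ip: str, port: int, sid: int) -> str:
    """Emit a Suricata rule for outbound traffic to the C2 endpoint.

    `sid` is a placeholder chosen by the caller (assumption: use a value from
    your local rule range, e.g. 1000000+).
    """
    return (
        f"alert tcp $HOME_NET any -> {ip} {port} "
        f'(msg:"RedLine Stealer C2 (botnet nam5)"; flow:to_server,established; '
        f"classtype:trojan-activity; sid:{sid}; rev:1;)"
    )


if __name__ == "__main__":
    for hit in match_conn_log(SAMPLE_CONN_LOG):
        print(hit)
    for ip, port in sorted(REDLINE_C2):
        print(suricata_rule(ip, port, sid=1000001))
```

Run against the constructed records, the first line (exact ip:port) is reported at high confidence and the third (same IP, port 80) at medium confidence; the second, to an unrelated host, is ignored. Feed it the output of `cat conn.log` (or `zeek-cut`-free raw TSV) to apply the same check to real telemetry.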

Targets

    • Target

      906820c3da391aa6c0b53b44ba67a5fb

    • RedLine

      RedLine Stealer is an information-stealing malware family written in C# (.NET), first seen in early 2020.

    • RedLine payload

    • Redline family

    • Suspicious use of SetThreadContext (typical of process hollowing: the sample rewrites the thread context of a suspended process so that it resumes executing injected code)

MITRE ATT&CK Enterprise v15

Tasks