General

  • Target

    fcb8a4b3ced65bf7537560f8062658cf6e99ebf5eb8ec9a7e73cc347359896b8

  • Size

    192KB

  • Sample

    241109-ym6q1s1cqq

  • MD5

    b4db4ae93a17d8d4d335f6f903a91ad7

  • SHA1

    3e24a5ccd18d77266fd2417d960048b12169649c

  • SHA256

    fcb8a4b3ced65bf7537560f8062658cf6e99ebf5eb8ec9a7e73cc347359896b8

  • SHA512

    bbf3227c7a55b72f98be8fc5384f26db7c677e985eda75cc907598d13bb41706599f2f89c18e3fe2c6a8999483c5a78c54dcde8fe79e9543f0c3233737c756ee

  • SSDEEP

    6144:n2YnhYdPG8XLBgSwsohaRdlT165z8Kep9v:nTn2dPBtgS8hAdPO8Ku

Malware Config

Extracted

  • Family

    redline

  • C2

    135.181.173.163:4326

  • Attributes

    • auth_value

      a909e2aaecf96137978fea4f86400b9b

Targets

    • Target

      340bb878ef89813c76d3e1e707f376ee7d1542b0a8d3fb43ef683b568e8a6e27.exe

    • Size

      1.2MB

    • MD5

      10a20cee622c86d4c18b844bd5152615

    • SHA1

      7cf1b7eb424408c3cd0bbbad4badda09dad1914d

    • SHA256

      340bb878ef89813c76d3e1e707f376ee7d1542b0a8d3fb43ef683b568e8a6e27

    • SHA512

      5d7e66ad5103a73c6d66694681f03bb9ba9665315828da4432944081a679e5a10728d97887ad53e085791d7d62858916e42be57a59c5a32e4c97a8c242e87254

    • SSDEEP

      12288:9abzQlv3Q4f6uyBYk7n5Bbdh+kF7tGGlvU:miv3Qqqbf9U

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks