General

  • Target: 73d897ece0ff8488c8fc0e1e6762dfd07a2a7845
  • Size: 507KB
  • Sample: 241109-yvd1za1ejk
  • MD5: ab49c2ca3305c4c3bc186410806d6592
  • SHA1: 73d897ece0ff8488c8fc0e1e6762dfd07a2a7845
  • SHA256: 3296baf533d18918548036af51b7f0091c6e605cdf15977d6a8ec5d8acd1a25e
  • SHA512: f3db78152a3fc60a56e98d1b45045d757a568ef0c856996c37b1a0bff7aa8ae784e9b28aa46a8326fefa3fa26115e6311d348256287e54f2a2600eabdfcb9003
  • SSDEEP: 12288:UJtzAvBGK6Fo9KR0FUhCsRyIHPj3KVvGQ7WA4rfqNkESa5Vs0x:UJOPiPRyIvj4KRONke

Malware Config

Extracted

  • Family: redline
  • C2: 193.106.191.160:8673
  • Attributes
    • auth_value: b452e7074eb79e37fc942576d3e3c701

Targets

  • Target: 514b153fab40eaa4af3da65815555d38dadd1a82dfa69c984e8a1a7bd52d0912.exe
  • Size: 1.2MB
  • MD5: 0d68db093491340bc76ffa5a0c26ff5a
  • SHA1: 1e9d6fb6425bf3313add5000c3f12c542011ec65
  • SHA256: 514b153fab40eaa4af3da65815555d38dadd1a82dfa69c984e8a1a7bd52d0912
  • SHA512: 4cface11ff638170910a5183a9ae875feff493beb6267f0504e62041f02cdb12d5e59a4b6ab6f3bc5f711aad686efd456d138f385724cde8cc8da3f2b593401e
  • SSDEEP: 24576:R0lMPffCqhz0+jYiYWl+t8KMEHJF+AxKf1PnqFMC+fuPO+v6YT:R0lMPHbl0TGkNrG+fT

  • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  • RedLine payload
  • Redline family
  • Suspicious use of SetThreadContext
