General

  • Target

    ca959e23302ad17d87797e39118713c5d3bb2054bff6a79dddfdd8ba552ee195

  • Size

    145KB

  • Sample

    241109-zn3w7avlhr

  • MD5

    2c61b728ad9d753e0e9e5cfbee2767ed

  • SHA1

    7b7aec632c08ad052a5508505f7232590b8fbc8e

  • SHA256

    ca959e23302ad17d87797e39118713c5d3bb2054bff6a79dddfdd8ba552ee195

  • SHA512

    51a02b6c7faee8eec40eb91159c28e33d4001c5146c4aaf6d8b9b257a4c8c6873abee35b00f42fc0603e9551701fa2adcb69cff559c87deb057dac4e4392d4b8

  • SSDEEP

    3072:p4sHLc4iuTGEqKCzJaqXnWmcyKSDJy0KjkgMJYCsFwC7NgtF2ykTOAG/Nhlm:psuTp2aqXnFc440KjkgMSChWgtF2ykBz

Malware Config

Extracted

Family

redline

Botnet

@P1

C2

193.106.191.138:32796

Attributes

  • auth_value

    54c79ce081122137049ee07c0a2f38ab

Targets

    • Target

      eb7cbffa46e3fa95bb17a52284185c03b342eee7411b88e68095bf58b6b06dcc

    • Size

      216KB

    • MD5

      6638ec2762b89fb569b7d5360963d3a5

    • SHA1

      9b381b87942202a85b4a058d205efd7ac92ce31e

    • SHA256

      eb7cbffa46e3fa95bb17a52284185c03b342eee7411b88e68095bf58b6b06dcc

    • SHA512

      1cbf7bbd978087bd648f949fbc7d84e0cdfda76c48134e570916f92c8f4a7cc1006250af2ef296b97b0d62af28b0ecd3e08722681ccd041a639f5da836b25227

    • SSDEEP

      3072:8hbc8yCxsFNcEyyrJ9WU4khLTvPZFzD0yfZNuzK/hRp1d53CDX5dINLqVqU:nCxGNp7FUyf2AhZjwINut

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext
