General

  • Target

    f34ff4756a0e299c19cb501c105608021e35fed1

  • Size

    289KB

  • Sample

    241109-znh7savlgr

  • MD5

    d9aeedafd4aba0e4e0d1efc70b6d4852

  • SHA1

    f34ff4756a0e299c19cb501c105608021e35fed1

  • SHA256

    67be8a54f43a6fd55948e79c445ffe91da7b840a3016a69ad91a4cdf2fddd877

  • SHA512

    195371ee67376f5b5a490eb70199036f59385e4679519b07c6d884e2e1e82e2cb46d5d45b4974ca3da965c46a0e01344ccb215378d2cdb5e28532578e6b88571

  • SSDEEP

    6144:8XoqjzBltBvlWqEL+AOqgok19OM/cSgQL3x2RyXC:8XFjzbJwgok19ZbsmC

Malware Config

Extracted

  • Family

    redline

  • Botnet

    nam5

  • C2

    103.89.90.61:34589

  • Attributes

    auth_value: 543e073674533e6c674abb1adba6e5c7

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks