General

  • Target

    61361f8c92eac4007b1281ce378ec28fc3978aafba90dd535a4d1ddc5328d7a2

  • Size

    589KB

  • Sample

    241110-25g26axene

  • MD5

    7b191861f1ad52c386a418d43f6184d4

  • SHA1

    6702d8f517c4ef7340e95e6116591e35b3c745fd

  • SHA256

    61361f8c92eac4007b1281ce378ec28fc3978aafba90dd535a4d1ddc5328d7a2

  • SHA512

    4fd900234aa18fe6affeb5895bfed8107aafa7677ca4f371aae8a298a45320d98f579d9921515f93e3d82aa2634db586167495796fda0fa0b43444cf777fde3e

  • SSDEEP

    12288:GMr/y90xlIo7NOFrOg6FXvF9pgqlA2igfFDN1tswGnNdiwIR:1yi57NOFJ6RiqPiUpP0ihR

Malware Config

Extracted

Family

redline

Botnet

crypt1

C2

176.113.115.17:4132

Attributes
  • auth_value

    2e2ca7bbceaa9f98252a6f9fc0e6fa86

Extracted

Family

redline

Botnet

romik

C2

193.233.20.12:4132

Attributes
  • auth_value

    8fb78d2889ba0ca42678b59b884e88ff
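The two extracted configs above give everything needed to hunt for this sample on the wire: a family, a botnet label, a C2 endpoint (IP and port) and the auth_value string the build carries. The following Python is an added example, not tooling from the sandbox or from RedLine, that turns those two entries into lookup indicators, matches them against constructed connection-log lines (the log format and the traffic are invented for illustration), emits a plain Suricata-style rule per endpoint, and checks a local file's digests against the hashes in the General section before the config is trusted for that file.

```python
"""IOC handling built from the RedLine report above (added example)."""
import hashlib
import re
from dataclasses import dataclass

# Two extracted configs, copied from the "Malware Config" section of the report.
EXTRACTED_CONFIGS = [
    {"family": "redline", "botnet": "crypt1", "c2": "176.113.115.17:4132",
     "auth_value": "2e2ca7bbceaa9f98252a6f9fc0e6fa86"},
    {"family": "redline", "botnet": "romik", "c2": "193.233.20.12:4132",
     "auth_value": "8fb78d2889ba0ca42678b59b884e88ff"},
]

# File hashes copied from the "General" section of the report.
REPORTED_HASHES = {
    "md5": "7b191861f1ad52c386a418d43f6184d4",
    "sha1": "6702d8f517c4ef7340e95e6116591e35b3c745fd",
    "sha256": "61361f8c92eac4007b1281ce378ec28fc3978aafba90dd535a4d1ddc5328d7a2",
}


@dataclass(frozen=True)
class C2Indicator:
    ip: str
    port: int
    botnet: str
    auth_value: str


def parse_c2(entry: dict) -> C2Indicator:
    """Split the report's 'ip:port' string into a typed indicator."""
    ip, port = entry["c2"].rsplit(":", 1)
    return C2Indicator(ip=ip, port=int(port), botnet=entry["botnet"],
                       auth_value=entry["auth_value"])


def c2_indicators(configs=EXTRACTED_CONFIGS) -> dict:
    """Map (ip, port) -> indicator so log matching is a dictionary lookup."""
    return {(c.ip, c.port): c for c in map(parse_c2, configs)}


# Constructed connection-log lines in a hypothetical space-separated layout:
# timestamp src_ip src_port dst_ip dst_port proto. Not real traffic from the sample.
SAMPLE_CONN_LOG = """\
2024-11-10T02:15:01Z 10.0.0.23 49812 176.113.115.17 4132 tcp
2024-11-10T02:15:02Z 10.0.0.23 49813 142.250.74.46 443 tcp
2024-11-10T02:15:05Z 10.0.0.41 51020 193.233.20.12 4132 tcp
2024-11-10T02:15:07Z 10.0.0.41 51021 193.233.20.12 80 tcp
"""

CONN_RE = re.compile(r"^(\S+) (\S+) (\d+) (\S+) (\d+) (\S+)$")


def match_connections(log_text: str, indicators=None) -> list:
    """Return (timestamp, src_ip, botnet) for every line whose destination
    ip:port is an extracted C2 endpoint. The port is part of the key, so the
    193.233.20.12:80 line in the sample is deliberately not flagged."""
    indicators = indicators if indicators is not None else c2_indicators()
    hits = []
    for line in log_text.splitlines():
        m = CONN_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the scan
        ts, src_ip, _src_port, dst_ip, dst_port, _proto = m.groups()
        ind = indicators.get((dst_ip, int(dst_port)))
        if ind:
            hits.append((ts, src_ip, ind.botnet))
    return hits


def suricata_rule(ind: C2Indicator, sid: int) -> str:
    """Plain Suricata-style rule for an outbound connection to the endpoint.
    The rule text is this example's own; the report does not supply rules."""
    return (f'alert tcp $HOME_NET any -> {ind.ip} {ind.port} '
            f'(msg:"RedLine C2 {ind.botnet} {ind.ip}:{ind.port}"; '
            f'flow:to_server; classtype:trojan-activity; sid:{sid}; rev:1;)')


def compute_hashes(data: bytes) -> dict:
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256")}


def verify_sample(data: bytes, expected=REPORTED_HASHES) -> bool:
    """True only if every reported digest matches the local file; run this
    before attributing the extracted config to a copy obtained elsewhere."""
    actual = compute_hashes(data)
    return all(actual[k] == v.lower() for k, v in expected.items())


if __name__ == "__main__":
    for hit in match_connections(SAMPLE_CONN_LOG):
        print("C2 contact:", hit)
    for sid, ind in enumerate(c2_indicators().values(), start=1000001):
        print(suricata_rule(ind, sid))
```

Keying on ip and port rather than ip alone keeps the match tied to what the config actually states; a hit on the same address over a different port is worth a look but is a weaker signal, since stealer C2 hosts are often shared infrastructure.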

Targets

    • Target

      61361f8c92eac4007b1281ce378ec28fc3978aafba90dd535a4d1ddc5328d7a2

    • Size

      589KB

    • MD5

      7b191861f1ad52c386a418d43f6184d4

    • SHA1

      6702d8f517c4ef7340e95e6116591e35b3c745fd

    • SHA256

      61361f8c92eac4007b1281ce378ec28fc3978aafba90dd535a4d1ddc5328d7a2

    • SHA512

      4fd900234aa18fe6affeb5895bfed8107aafa7677ca4f371aae8a298a45320d98f579d9921515f93e3d82aa2634db586167495796fda0fa0b43444cf777fde3e

    • SSDEEP

      12288:GMr/y90xlIo7NOFrOg6FXvF9pgqlA2igfFDN1tswGnNdiwIR:1yi57NOFJ6RiqPiUpP0ihR

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
