General

  • Target

    c861261c18d3016009e78c4056691aa1369fdb54b7da2ee7ded00fd1d7a72f76

  • Size

    155KB

  • Sample

    241110-b1r4fszkaq

  • MD5

    2789f00ed78c7c7815adff8e109daa6b

  • SHA1

    9eaf3ae0478338dd4a1da54b71443627701a9619

  • SHA256

    c861261c18d3016009e78c4056691aa1369fdb54b7da2ee7ded00fd1d7a72f76

  • SHA512

    b7c5aa0b7fc2e41c9abd7288655f82cc57e67536bf26d49dfe1ba9b4cb5d40224871bc7a5e4053554e9edfa65fa6cd3b77e033a8bad37514362f8359a28d2f1a

  • SSDEEP

    3072:tkACnsIimChVBd6y2/lc7MXQSkPqwkR2ydNP/6kcD1GWy:tkPnsdmMVBn2/lc/SkF+Fchjy

Malware Config

Extracted

  • Family

    redline

  • Botnet

    TRY1

  • C2

    65.21.48.161:23507

  • Attributes

    • auth_value

      42abb248a0e1f6ac4641c0d24bd36485

Targets

    • Target

      9b298cb4d3f65ef31c181df51412ad0daaf56951e4e470f0be70d19e07577a61.exe

    • Size

      1.3MB

    • MD5

      18f3bdf0c0f1be37b54ef2a414e10f92

    • SHA1

      db3ff089e2b77a787aafdd566dbcf037c663a1a6

    • SHA256

      9b298cb4d3f65ef31c181df51412ad0daaf56951e4e470f0be70d19e07577a61

    • SHA512

      cf09bc77c37544e97e9114aafd8c4ca4aea92bfed91bfb71355805e283ebd15a82d6ff0a7d0594a42f6545049e84e896bcf067ab41b3ae63c1ceb40379fdaf78

    • SSDEEP

      6144:067MlzO9w/WAF8jALfHU/6hDOSFqWIQYnQr:067MlzrPUyhaSE8

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks