General

  • Target

    318b0b0864f1e59615ed7d141468a5c35ce58288423927106788ad479f8b885e

  • Size

    289KB

  • Sample

    241111-htjbastrht

  • MD5

    60169a8cb09c484105a950ddf5e27870

  • SHA1

    d23d812f02e264d12fa41705f2fd655c3ecdcfe4

  • SHA256

    318b0b0864f1e59615ed7d141468a5c35ce58288423927106788ad479f8b885e

  • SHA512

    a935647c2846622651bd26c4a85d7de8d087294782c6d7ec4468e96d9faca16acb140cfc59b7c459cd36e2a255a73f68a39f31a37bf46ac8638f14c8bad08fd6

  • SSDEEP

    6144:avoqjzBltBvlWqEL+AOpjevb7A38VzZntXGPcsXC:avFjzbJQfA3ctXVQC

Malware Config

Extracted

Family

redline

Botnet

nam5

C2

103.89.90.61:34589

Attributes

  • auth_value

    543e073674533e6c674abb1adba6e5c7

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Suspicious use of SetThreadContext
