General

  • Target: 523ab7eca6d01449e04c9ff07d6e3ee3a38095ad2c8ad34ba1759b4348000744.exe
  • Size: 517KB
  • Sample: 241122-w913ya1rhl
  • MD5: 0a15bac84729b02b399d3bd71f7c0853
  • SHA1: fc8d4551dd7711832ec0a7eae584a41ee7395d12
  • SHA256: 523ab7eca6d01449e04c9ff07d6e3ee3a38095ad2c8ad34ba1759b4348000744
  • SHA512: 8e7ffed904ff9abee0b484db87433cc8302d952565619c2879e26d75f682c173564495071eabc1fa637d0807ac70a5db4104bba8108f514d4922a9253c4c3f6f
  • SSDEEP: 3072:ef1fltoqP6j/we9Ffy8OGb6nfss1JYHENejxesYcfGFh8:ef1flqk6j/wuF53s/vhcfaq

Malware Config

Extracted

Family: redline

C2: 141.94.188.138:46419

Attributes
  • auth_value: 3f48b95855158031ae9e7dafcb203009

Targets

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Redline family
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
