General

  • Target

    abc95cae37b9182d50bd4e682da95504af7ae1cb1433f85a31df20c3e7c5dad6.exe

  • Size

    383KB

  • Sample

    241123-pzs61svmes

  • MD5

    75a974862d5d04cc57b6dd1e32763ad7

  • SHA1

    bcf8eb98cfef79cafb4733944cbf78dc1f1c69e2

  • SHA256

    abc95cae37b9182d50bd4e682da95504af7ae1cb1433f85a31df20c3e7c5dad6

  • SHA512

    ed774772a5dde6d50465e974e64612ad8ad148bdd80b7cbe70778d5b7ead8801a14cc2644cd83150d507862e0260733088f6c07e1961a16a02ca7a6b6db9af1f

  • SSDEEP

    6144:G29XY1Hq1AlaqaoAVzfeOHavspTulZfW4OcjmvXZjSxaR:t9XCHeAlaqaohOHavspTulZfW4OcjmvN

Malware Config

Extracted

Family

redline

Botnet

jjfuck

C2

135.181.129.119:4805

Attributes

  • auth_value

    b69102cdbd4afe2d3159f88fb6dac731

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15