General

  • Target

    815afa303c6499b9f4d202953d33af7f2732b3e49e348bf393923657877c71f1.exe

  • Size

    4.6MB

  • Sample

    241123-wpfaqswjbr

  • MD5

    b38f933da277ca1ec881290f2c830930

  • SHA1

    2e6b9b41dcc6b15168e7e2436d9c8890e2f700a4

  • SHA256

    815afa303c6499b9f4d202953d33af7f2732b3e49e348bf393923657877c71f1

  • SHA512

    a74216494b454abf11e3ae5b6a58af0a9eb0e921c92d16abae8a0648ed3124ca6d9e01ed92a1663f7fa58b99ac0bde309660facd6d3b8ad77c60a2eb24069d80

  • SSDEEP

    98304:wLIgXzEGmyPe4pTQAXf8bTAbqKRf4fRDpvX4i:sdpT5XpeEf4fRl9

Malware Config

Extracted

  • Family

    redline

  • Botnet

    @l_Like_a_Sir_l

  • C2

    138.124.186.121:45760

  • Attributes

    auth_value: 9b509f3ca2ec2a739920d789362e5ac4

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks