General

  • Target: fce7ead3250bc1287c04c213d43dcc29.bin
  • Size: 987KB
  • Sample: 230523-crfvhade27
  • MD5: 99c32713d875449f4053791d1ec0a446
  • SHA1: b8e44f32f3674448f9fd7000d2036e131453b4db
  • SHA256: 159463dee43611455ae7edebf0518f670a39926c405b2c37fadf6dd196a3b1f5
  • SHA512: 07394fb826a5da9e6475a56b9cd5aca9595b90722e220e9e12262b418f192f3731cbe0109afe74f3dbe898aca54dbe025c019724e457358256856d929cf60d93
  • SSDEEP: 24576:2DnRNwlPSkTKeKxsUk1r77eNoojmuF4VWey6:2DnoPDesRo9jmQzey6

Malware Config

Extracted

  • Family: redline
  • Botnet: diza
  • C2: 185.161.248.37:4138
  • Attributes
    • auth_value: 0d09b419c8bc967f91c68be4a17e92ee

Targets

    • Target: d6e45d6b938e6eff9382d0b1c5ac247b1064a39eb79aa830e3b61470157b333c.exe
    • Size: 1.0MB
    • MD5: fce7ead3250bc1287c04c213d43dcc29
    • SHA1: 22ef077ef6dff28dc5b6cd35f162b892e4186a10
    • SHA256: d6e45d6b938e6eff9382d0b1c5ac247b1064a39eb79aa830e3b61470157b333c
    • SHA512: b8056f891f91e1c949a620351028999e8422c1315d19ccc2c9085f58470d6ee36e9e5ea93b50920c4419f51206ab8a062cc760bf4f42dff80051e2bd6e8e1634
    • SSDEEP: 24576:ly0swK5sbyRwk70RsYl4CNKBufT30Tuk7/b:AiK5sbywl4C7fT30TT/

    Signatures

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • Executes dropped EXE
    • Loads dropped DLL
    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks