General

  • Target

    5e44315ce1502e3592f614e7da161173732e3e9a5e70a610dccc654b25f96671

  • Size

    584KB

  • Sample

    230606-e6pr3acf2s

  • MD5

    4e55e517797a7dcde95e31447b31c659

  • SHA1

    b76e9db5e5d9272b618806c35ce7ab11d8b39eb1

  • SHA256

    5e44315ce1502e3592f614e7da161173732e3e9a5e70a610dccc654b25f96671

  • SHA512

    90b36d603bbf5118c998c68746deab5847d318a838dff421fd464fab42c4e4316f1eb4e8691cb3409fe9a71a532c49fea8a29e9fe8240506b09350a0e05060db

  • SSDEEP

    12288:QMrWy90K4EEx8cAepVZNl+E73i5wMtaMQZ4:WyGHpqETi5wMcMQZ4

Malware Config

Extracted

Family

redline

Botnet

diza

C2

83.97.73.126:19048

Attributes

  • auth_value

    0d09b419c8bc967f91c68be4a17e92ee

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks