General

  • Target: 09b8353ba30da7abd836ea8b2bce535e.bin
  • Size: 531KB
  • Sample: 230614-bdlm6acf6s
  • MD5: 575e4324b5e346a56ac597c675a05077
  • SHA1: 54b1538f9ea1762ccf058875961246236db19693
  • SHA256: 3de6feab0f88fea9cf115ca6d02d0a0194f7f5bd744ddb7645f0510404d86306
  • SHA512: ed63fe63a5ed911e6f277ae2e059ba6b6edb0eecb069e1db8a5b29a610f277048882c5d741c59688618b1bc104314d81615fca7d2812c6303e98bde8ecb739f5
  • SSDEEP: 12288:8AVrciClXp5KWCUCtP3B7Oy9DEWrEU0wK216IobvXIHvNR:tVAisTfW3ByyhrEU0wHHQf0NR

Malware Config

Extracted

  • Family: redline
  • Botnet: doro
  • C2: 83.97.73.129:19068
  • Attributes
    • auth_value: 03f411441fb3fa233179c2cc8ffbce27

Targets

    • Target: 4fe304e1ceef6b6a6cd174669f74707f5d832911fc7cbc6a07e50c84d1703c4f.exe
    • Size: 575KB
    • MD5: 09b8353ba30da7abd836ea8b2bce535e
    • SHA1: ee3a106546f8e19477b91463685b75a4c161de56
    • SHA256: 4fe304e1ceef6b6a6cd174669f74707f5d832911fc7cbc6a07e50c84d1703c4f
    • SHA512: 82fbe09471c47202062ecc3c1a746612fbea5b6f6ab9a07273812bfff5839fb1d008f2f08d42731710f6045981834e5297099804df684c24cce99a294fe3bc58
    • SSDEEP: 12288:SMrUy905YmSPZYR0J0UkAswi8fOm1UrEBIITGxwbT5tC5QG4W:Syj7xgI0U5hWu2E/TGk3ha

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE
    • Loads dropped DLL
    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v6)

Persistence

  • Registry Run Keys / Startup Folder (T1060): 1

Defense Evasion

  • Modify Registry (T1112): 1

Tasks