General

  • Target

    8fa971565e0c5fad5da7cb03f8ff64a010508e51ac86fb6443b94e40b8601d75

  • Size

    507KB

  • Sample

    240523-anfn8aee6s

  • MD5

    7162ec3a578b9f26be3d3cb8254d802c

  • SHA1

    27ead8d8d80fb52ce4cf47af3fcb26738b57b976

  • SHA256

    8fa971565e0c5fad5da7cb03f8ff64a010508e51ac86fb6443b94e40b8601d75

  • SHA512

    3b1b0fcbfcd1160b3356c8e3e67847e6b3a091745984ef5933f7b38bd554f58e63583ac7694aa6ca6fe2490029c53e4c3ad6e8ab5ea7a98df64d5b5daec82ee4

  • SSDEEP

    12288:FlIy900UbnirQrWWuu0byZ0lqdXpUVW28:oy0zh0WrqUd

Malware Config

Extracted

Family

redline

Botnet

drake

C2

83.97.73.131:19071

Attributes
  • auth_value

    74ce6ffe4025a2e4027fb727915e7d7c

Targets

    • Target

      8fa971565e0c5fad5da7cb03f8ff64a010508e51ac86fb6443b94e40b8601d75

    • Size

      507KB

    • MD5

      7162ec3a578b9f26be3d3cb8254d802c

    • SHA1

      27ead8d8d80fb52ce4cf47af3fcb26738b57b976

    • SHA256

      8fa971565e0c5fad5da7cb03f8ff64a010508e51ac86fb6443b94e40b8601d75

    • SHA512

      3b1b0fcbfcd1160b3356c8e3e67847e6b3a091745984ef5933f7b38bd554f58e63583ac7694aa6ca6fe2490029c53e4c3ad6e8ab5ea7a98df64d5b5daec82ee4

    • SSDEEP

      12288:FlIy900UbnirQrWWuu0byZ0lqdXpUVW28:oy0zh0WrqUd

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Detects executables packed with ConfuserEx Mod

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks