General

  • Target

    2dc4a356558b229e53998e6c114b3697aa1cf08f3da6122b2d3c5b01c9790414

  • Size

    479KB

  • Sample

    241030-1ylakatkfm

  • MD5

    e821de3920101930f276babb770be5d9

  • SHA1

    946be878107032eea4d9d487e6689bf60b421eba

  • SHA256

    2dc4a356558b229e53998e6c114b3697aa1cf08f3da6122b2d3c5b01c9790414

  • SHA512

    43eee2b89a56e8d1db9d07ca1e73dedd34642273bc6dd528284fe1cde5c98436dd193ac82e5eec210ed203e238a80ce36737496ada192e373c912503882ac82b

  • SSDEEP

    12288:8Mr4y90IFnDSTEnL0kJmCNqN2cFVwcBw8g:EyPFIk7qEcFec7g

Malware Config

Extracted

Family

redline

Botnet

diwer

C2

217.196.96.101:4132

Attributes

  • auth_value

    42abfa9e4f2e290c8bdbc776fd9bb6ad

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks