General

  • Target

    25676f49140cc80fd97ff368ece03ac4b4f96dd87ee0c764cddcd0125c68f509

  • Size

    730KB

  • Sample

    241104-ssvcaaselj

  • MD5

    0da7ed8f28f48a1fbe9fc286fe8bc565

  • SHA1

    d9bb3aab9fe0edc0e239140b070f92abe5a48750

  • SHA256

    25676f49140cc80fd97ff368ece03ac4b4f96dd87ee0c764cddcd0125c68f509

  • SHA512

    8c9e4e65e2d5b1d67b9b74917df80dd0715577ced7acff922081a5db91469f634b8ea18a2d720c363334d91e9f8393f071e844d9a9c425cea9812545fa878d1e

  • SSDEEP

    12288:GMrcy903rFz6myoIqJ5toKnbtQ9oIpgyCSUDbMrPbzUk8YzAU/cv/xC8Br7z:SyK5Xy/qPlWoIpgFSUDbIPX9YicRCsv

Malware Config

Extracted

  • Family

    redline

  • Botnet

    dars

  • C2

    83.97.73.127:19045

  • Attributes

    • auth_value

      7cd208e6b6c927262304d5d4d88647fd

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks