General

  • Target

    171ae43a442d2d13dfb87289b7f8606c22499d9c4a6cf8cba4b19a68b3cb0461

  • Size

    588KB

  • Sample

    241105-a7rwlazpfy

  • MD5

    eda31af148be4a96b3ac857bd595d74e

  • SHA1

    462f5ba7c6bba0ccb41101bcf1a5560674887d0f

  • SHA256

    171ae43a442d2d13dfb87289b7f8606c22499d9c4a6cf8cba4b19a68b3cb0461

  • SHA512

    91997bdc588868a3db04ccbd3bd16a6cf9d58bf4d31393645062b7f6040cbf3a24baf383bc2533742144fc64bb0edae38ead9d4e462b7b85116f2ff8b47812fd

  • SSDEEP

    12288:vMrPy90LvdqCgWyJSPRYlq4A1QV6u88WC8TYjhz+xj9m8mumT4eFXxfD:ky6xgWyJSPRyq4MQVj8dC8Ti+nm8Do46

Malware Config

Extracted

Family

redline

Botnet

daris

C2

217.196.96.56:4138

Attributes
  • auth_value

    3491f24ae0250969cd45ce4b3fe77549

Targets

    • Target

      171ae43a442d2d13dfb87289b7f8606c22499d9c4a6cf8cba4b19a68b3cb0461

    • Size

      588KB

    • MD5

      eda31af148be4a96b3ac857bd595d74e

    • SHA1

      462f5ba7c6bba0ccb41101bcf1a5560674887d0f

    • SHA256

      171ae43a442d2d13dfb87289b7f8606c22499d9c4a6cf8cba4b19a68b3cb0461

    • SHA512

      91997bdc588868a3db04ccbd3bd16a6cf9d58bf4d31393645062b7f6040cbf3a24baf383bc2533742144fc64bb0edae38ead9d4e462b7b85116f2ff8b47812fd

    • SSDEEP

      12288:vMrPy90LvdqCgWyJSPRYlq4A1QV6u88WC8TYjhz+xj9m8mumT4eFXxfD:ky6xgWyJSPRyq4MQVj8dC8Ti+nm8Do46

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks