General

  • Target

    5e126caceae53e81b419f007c74e90c4f0e0110db4278e066a1c5d003c65b2af

  • Size

    567KB

  • Sample

    241105-ba4pkazqev

  • MD5

    2518eee5cce73821143c674a63609b46

  • SHA1

    6aedc9d594991c401aa5323db2640cb94f6220bc

  • SHA256

    5e126caceae53e81b419f007c74e90c4f0e0110db4278e066a1c5d003c65b2af

  • SHA512

    b1fab3481e1e7ea3a2e985e4996deba42a892cb55efc904e332d761e0d9049a65d2f8e52b7d482c24df6d749f0477b4c2681304a355e1a7b625d697d38d803ef

  • SSDEEP

    12288:pMr8y90w0CENvJyzOyfYYZUfyq4FSDdcTs1wY9/s6I1:lyCvUzDYYZ+yq4Yjt9/i1

Malware Config

Extracted

Family

redline

Botnet

daris

C2

217.196.96.56:4138

Attributes

  • auth_value

    3491f24ae0250969cd45ce4b3fe77549

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15