General

  • Target

    59bc9b7fbd5bf8aeb9dbd709946a4f2ef7f579bb20cb499487533852ff575231

  • Size

    567KB

  • Sample

    241105-bkp9xssarj

  • MD5

    111e55c8de984b5a79dc882de60a377c

  • SHA1

    62c5c7a05999daeac05138d8055d1fc4b2360f88

  • SHA256

    59bc9b7fbd5bf8aeb9dbd709946a4f2ef7f579bb20cb499487533852ff575231

  • SHA512

    69bd6474ddc587a96880e5273bcfd09cb4ae397baaa1dec8eac433eeb57348dc043b2d88436991be9a88babeaad532ae91a31c64dd5762f364c0416a4cc18250

  • SSDEEP

    12288:nMrTy90Vo7kAN6AfJ0L+XzQH3W5kU038Iz1rf:QysovpzQH3WngB

Malware Config

Extracted

Family

redline

Botnet

daris

C2

217.196.96.56:4138

Attributes

  • auth_value

    3491f24ae0250969cd45ce4b3fe77549

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application
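
The extracted C2 endpoint (217.196.96.56:4138) and the "Adds Run key to start application" signature are the two findings in this report that a defender would turn into detections. The script below is an added example and is not part of the sandbox report or of any RedLine analysis tooling: it compares a local file's digests with the hashes listed above, scans Zeek conn.log rows for traffic to the C2 host and port, and scans Sysmon Event ID 13 (registry value set) records for Run/RunOnce persistence. The log lines, process paths and hostnames are constructed for the example; the pipe-separated key=value layout is an assumed flattening of the Sysmon event fields, and the "payload under a user-writable directory" severity bump is the editor's heuristic, not a signature taken from the report.

```python
import hashlib
import re
from dataclasses import dataclass
from typing import Dict, List

# Indicators copied from the sandbox report above.
REPORT_HASHES = {
    "md5": "111e55c8de984b5a79dc882de60a377c",
    "sha1": "62c5c7a05999daeac05138d8055d1fc4b2360f88",
    "sha256": "59bc9b7fbd5bf8aeb9dbd709946a4f2ef7f579bb20cb499487533852ff575231",
}
C2_HOST = "217.196.96.56"
C2_PORT = 4138

# Autostart locations covered by the "Adds Run key" signature (HKCU/HKLM/HKU, Run and RunOnce).
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\", re.IGNORECASE)
# Heuristic (editor's assumption): a Run value pointing into a user-writable path is more suspicious.
USER_WRITABLE_RE = re.compile(r"\\(?:AppData|Temp|ProgramData|Users\\Public)\\", re.IGNORECASE)

# Constructed Zeek conn.log excerpt (tab separated). Row 3 talks to the C2 host on a different port.
CONN_LOG = "\n".join("\t".join(f) for f in [
    ("#fields", "ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p", "proto"),
    ("1730800000.1", "CjA1x", "10.0.0.5", "49812", "217.196.96.56", "4138", "tcp"),
    ("1730800001.2", "CjA2y", "10.0.0.5", "49813", "93.184.216.34", "443", "tcp"),
    ("1730800002.3", "CjA3z", "10.0.0.7", "49900", "217.196.96.56", "80", "tcp"),
])

# Constructed Sysmon records, flattened as key=value pairs separated by "|" (assumed layout).
SYSMON_LOG = r"""
EventID=13|Image=C:\Users\victim\AppData\Roaming\svc.exe|TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\svc|Details=C:\Users\victim\AppData\Roaming\svc.exe
EventID=13|Image=C:\Windows\System32\svchost.exe|TargetObject=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth|Details=C:\Windows\System32\SecurityHealthSystray.exe
EventID=1|Image=C:\Users\victim\AppData\Roaming\svc.exe|CommandLine=svc.exe
"""


@dataclass
class Alert:
    source: str
    severity: str
    reason: str
    evidence: str


def file_matches_report(data: bytes) -> Dict[str, bool]:
    """Per-algorithm comparison of a local file's digests with the report's hashes."""
    return {algo: hashlib.new(algo, data).hexdigest() == expected
            for algo, expected in REPORT_HASHES.items()}


def scan_conn_log(text: str) -> List[Alert]:
    """Flag flows to the extracted C2. Host+port is high; host on another port is medium."""
    alerts: List[Alert] = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        f = line.split("\t")
        if len(f) < 7:
            continue
        orig_h, resp_h, resp_p = f[2], f[4], int(f[5])
        if resp_h != C2_HOST:
            continue
        if resp_p == C2_PORT:
            alerts.append(Alert("zeek_conn", "high",
                                f"outbound connection to RedLine C2 {C2_HOST}:{C2_PORT} from {orig_h}", line))
        else:
            alerts.append(Alert("zeek_conn", "medium",
                                f"traffic to RedLine C2 host {C2_HOST} on port {resp_p} from {orig_h}", line))
    return alerts


def scan_sysmon_registry(text: str) -> List[Alert]:
    """Flag Event ID 13 writes to Run/RunOnce keys; escalate when the value points into user space."""
    alerts: List[Alert] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = dict(part.split("=", 1) for part in line.split("|"))
        if rec.get("EventID") != "13" or not RUN_KEY_RE.search(rec.get("TargetObject", "")):
            continue
        details = rec.get("Details", "")
        severity = "high" if USER_WRITABLE_RE.search(details) else "medium"
        alerts.append(Alert("sysmon_13", severity,
                            f"Run key persistence: {rec['TargetObject']} -> {details}", line))
    return alerts


if __name__ == "__main__":
    for a in scan_conn_log(CONN_LOG) + scan_sysmon_registry(SYSMON_LOG):
        print(f"[{a.severity}] {a.source}: {a.reason}")
```

The host-only match is kept as a separate, lower-severity alert on purpose: the config gives a host and port, but operators rotate ports, so a flow to the same address on port 80 is still worth a look rather than a silent drop.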
