General

  • Target

    325d275190fa49e56479b0ec79b081454ffe91c15f30927e8ef6e617cd472e59

  • Size

    588KB

  • Sample

    241105-e8fbeavcma

  • MD5

    2959a24dbd6674e1f2ed7bfdc669b3d6

  • SHA1

    0fb7275aaa7abad8af1604436ec00daed0fde588

  • SHA256

    325d275190fa49e56479b0ec79b081454ffe91c15f30927e8ef6e617cd472e59

  • SHA512

    c44f4bb0baf2720ba2c4dc8907705eba01cf662ac1af489f21983530e7c3456874085f9664f407dc19b8d8da31f30cd4627cae0dfbc4a011a12ce1c612422064

  • SSDEEP

    12288:LMrYV0qS78objfP/vfP/vfP/vf6qaK6qaK6qaK6qaKN9tdN9tdN9tdNdy90QZbh6:GyVxBl9jNOW8wVVsjZG0

Malware Config

Extracted

Family

redline

Botnet

daris

C2

217.196.96.56:4138

Attributes
  • auth_value

    3491f24ae0250969cd45ce4b3fe77549

Targets

    • Target

      325d275190fa49e56479b0ec79b081454ffe91c15f30927e8ef6e617cd472e59

    • Size

      588KB

    • MD5

      2959a24dbd6674e1f2ed7bfdc669b3d6

    • SHA1

      0fb7275aaa7abad8af1604436ec00daed0fde588

    • SHA256

      325d275190fa49e56479b0ec79b081454ffe91c15f30927e8ef6e617cd472e59

    • SHA512

      c44f4bb0baf2720ba2c4dc8907705eba01cf662ac1af489f21983530e7c3456874085f9664f407dc19b8d8da31f30cd4627cae0dfbc4a011a12ce1c612422064

    • SSDEEP

      12288:LMrYV0qS78objfP/vfP/vfP/vf6qaK6qaK6qaK6qaKN9tdN9tdN9tdNdy90QZbh6:GyVxBl9jNOW8wVVsjZG0

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks