General

  • Target

    5f3e5a2d33c925517279d521a8d61f49ef85f95e91ef7f01ee906f2a8b5fa67a

  • Size

    587KB

  • Sample

    241105-ez5vpsvaqg

  • MD5

    1b1fb4f475434601d0a96e864d1b0e9c

  • SHA1

    9511c60cf19b161077b063bdb2bcf543893efac6

  • SHA256

    5f3e5a2d33c925517279d521a8d61f49ef85f95e91ef7f01ee906f2a8b5fa67a

  • SHA512

    359f1c6dc245b8cfa3fbcce743fc3ed3f16eb9fb6658223e28c76e3df4027521227a88de986c64552b0442e871fcb138d079429dafa11faf6a5e7a5bcc360178

  • SSDEEP

    12288:nMr3y90zlQD1f2nCJwB2xuMzlYK3Rqg36+3TYX:UyidnWwwPzlYK3wg36UE

Malware Config

Extracted

  • Family

    redline

  • Botnet

    daris

  • C2

    217.196.96.56:4138

  • Attributes

    auth_value: 3491f24ae0250969cd45ce4b3fe77549

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15