General

  • Target

    8c787fdfb5c6e934a218c153a8cf2f8c59ccc1875640ece708b3178129ab3871

  • Size

    588KB

  • Sample

    241105-fwe1jsxqbj

  • MD5

    e675f48c52bf9b3f0e1e2ad4f1b70990

  • SHA1

    163b61b26a7b25fb55b7b81046d6a4afc834bb50

  • SHA256

    8c787fdfb5c6e934a218c153a8cf2f8c59ccc1875640ece708b3178129ab3871

  • SHA512

    c175a7362cfba3edaae1b7b81daa2728ad31065a32c24b937d65f53525d80ee3bb663791d597a9b62439dbf16823c448a6aca076a490084fccaa71b61472e2da

  • SSDEEP

    12288:5MrRy90KgkS6slFqf3ljEqtBJdzr+jyxaPFoHVLWZT7:UylrS6CIf3l4g5P3aa2X

Malware Config (Extracted)

  • Family

    redline

  • Botnet

    daris

  • C2

    217.196.96.56:4138

  • Attributes

    auth_value: 3491f24ae0250969cd45ce4b3fe77549

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application
