General

  • Target

    ad899ebc75e725ff8553a27b5c79c99c86867483ddf66a7f76a25d4f1edfd1b4

  • Size

    602KB

  • Sample

    241106-qqxcratkam

  • MD5

    1f47c4d24a14f869aefef7057cbdb578

  • SHA1

    5a13c99f8b60e30f0326eb7f4e4780a86b933cb5

  • SHA256

    ad899ebc75e725ff8553a27b5c79c99c86867483ddf66a7f76a25d4f1edfd1b4

  • SHA512

    ede8fec8ef2ac0bb066089af440c661508357bce72da0159d2edbd1c1266aa6eded8935f6ac2e8f471a1ea3b66a5cebddb481b3b6c55d192ffada9d1b1ae359a

  • SSDEEP

    12288:GMr9y90xrOlXM1BmEsYUmdWLNDJ73O67ldawn3j07:DyaOXWOySNDJDXaQ3j07

Malware Config

Extracted

Family

redline

Botnet

diza

C2

83.97.73.129:19068

Attributes
  • auth_value

    0d09b419c8bc967f91c68be4a17e92ee

Targets

    • Target

      ad899ebc75e725ff8553a27b5c79c99c86867483ddf66a7f76a25d4f1edfd1b4

    • Size

      602KB

    • MD5

      1f47c4d24a14f869aefef7057cbdb578

    • SHA1

      5a13c99f8b60e30f0326eb7f4e4780a86b933cb5

    • SHA256

      ad899ebc75e725ff8553a27b5c79c99c86867483ddf66a7f76a25d4f1edfd1b4

    • SHA512

      ede8fec8ef2ac0bb066089af440c661508357bce72da0159d2edbd1c1266aa6eded8935f6ac2e8f471a1ea3b66a5cebddb481b3b6c55d192ffada9d1b1ae359a

    • SSDEEP

      12288:GMr9y90xrOlXM1BmEsYUmdWLNDJ73O67ldawn3j07:DyaOXWOySNDJDXaQ3j07

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks