General

  • Target

    1e1530dc97bf2969ad829a53ca9f6488963d80e099dd58644bf426f3d72723c6

  • Size

    731KB

  • Sample

    241106-tq3fjswkcn

  • MD5

    6499b448d05e49bc90a78e598d2633b4

  • SHA1

    3925e7fcd74eb383e0578e5b81ac3feaff7503e6

  • SHA256

    1e1530dc97bf2969ad829a53ca9f6488963d80e099dd58644bf426f3d72723c6

  • SHA512

    de404b1daebb591c3676a6cd12da0c7c2ff8e3e8a78d55bc59687e0637b2c14841e5757592f1b16c497131f28def0e215f0d4aeb827f4ee474e80ff4aab5fad5

  • SSDEEP

    12288:uMrzy90OdKhxT8kX4qrEc7uGUxNrbA6esKxg3kS3dg1s9HLPBg8FKuJSMR05EX:lyHdipfuG2rboxg3DzhWCKeP

Malware Config

Extracted

Family

redline

Botnet

dars

C2

83.97.73.127:19045

Attributes

  • auth_value

    7cd208e6b6c927262304d5d4d88647fd

Targets

    • Target

      1e1530dc97bf2969ad829a53ca9f6488963d80e099dd58644bf426f3d72723c6

    • Size

      731KB

    • MD5

      6499b448d05e49bc90a78e598d2633b4

    • SHA1

      3925e7fcd74eb383e0578e5b81ac3feaff7503e6

    • SHA256

      1e1530dc97bf2969ad829a53ca9f6488963d80e099dd58644bf426f3d72723c6

    • SHA512

      de404b1daebb591c3676a6cd12da0c7c2ff8e3e8a78d55bc59687e0637b2c14841e5757592f1b16c497131f28def0e215f0d4aeb827f4ee474e80ff4aab5fad5

    • SSDEEP

      12288:uMrzy90OdKhxT8kX4qrEc7uGUxNrbA6esKxg3kS3dg1s9HLPBg8FKuJSMR05EX:lyHdipfuG2rboxg3DzhWCKeP

    • RedLine

      RedLine Stealer is an information-stealing malware family written in C# (.NET), first observed in early 2020 and sold to affiliates as malware-as-a-service. It harvests saved browser credentials, cookies and autofill data, cryptocurrency wallet files and client credentials (FTP, VPN, messaging) from the infected host and sends them to the C2 server extracted above; the botnet and auth_value fields identify the affiliate build that talks to that panel.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application
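
The indicators a responder can act on from this report are the file hashes, the extracted C2 endpoint (83.97.73.127:19045) and the botnet ID. The following is an added Python example, not part of the sandbox report or of the RedLine sample: it hashes a candidate file and compares the digests with the report's values, scans connection-log lines for contact with the C2 host (flagging exact host:port matches separately from the same host on another port), and emits a Suricata rule for that C2. The log line format, the sample log lines and the rule sid are constructed for illustration; only the hashes, host, port and botnet name are taken from the report.

```python
"""IOC checks for the RedLine sample in this report (added example).

Hashes, C2 host/port and botnet ID are copied from the report; the log
format, log lines and Suricata sid are constructed placeholders.
"""
import hashlib
import re

# Indicators taken from the report.
SAMPLE_HASHES = {
    "md5": "6499b448d05e49bc90a78e598d2633b4",
    "sha1": "3925e7fcd74eb383e0578e5b81ac3feaff7503e6",
    "sha256": "1e1530dc97bf2969ad829a53ca9f6488963d80e099dd58644bf426f3d72723c6",
}
C2_HOST = "83.97.73.127"
C2_PORT = 19045
BOTNET_ID = "dars"

# Matches "dst=<ipv4>:<port>" in the constructed log format used below.
_DST_RE = re.compile(r"\bdst=(?P<host>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d{1,5})\b")


def hash_bytes(data: bytes) -> dict:
    """Return lowercase hex MD5/SHA1/SHA256 of data, keyed like SAMPLE_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Hash a file on disk in chunks so large samples need not fit in memory."""
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matches_sample(digests: dict) -> bool:
    """True if any digest equals the report's value for the same algorithm.

    Case-insensitive; a hit on one algorithm suffices, so a source that
    only gives an MD5 or SHA1 can still be matched.
    """
    return any(digests.get(name, "").lower() == value for name, value in SAMPLE_HASHES.items())


def scan_connection_logs(lines):
    """Return connections to the C2 host, flagging exact host:port matches.

    A connection to the C2 host on another port is still reported, since
    the same host may serve the panel on a different port later.
    """
    hits = []
    for line in lines:
        m = _DST_RE.search(line)
        if not m or m.group("host") != C2_HOST:
            continue
        port = int(m.group("port"))
        hits.append({"line": line.strip(), "port": port, "exact": port == C2_PORT})
    return hits


def suricata_rule(sid: int = 1000001) -> str:
    """Emit a Suricata rule for outbound TCP traffic to the extracted C2.

    sid is a placeholder in the local (1000000+) range; assign your own.
    """
    return (
        f"alert tcp $HOME_NET any -> {C2_HOST} {C2_PORT} "
        f'(msg:"RedLine Stealer C2 (botnet {BOTNET_ID})"; flow:to_server; '
        f"classtype:trojan-activity; sid:{sid}; rev:1;)"
    )


# Constructed log lines (not from the report): one benign, one exact C2
# hit, one same host on another port, one line in an unrelated format.
SAMPLE_LOGS = [
    "2024-11-06T09:12:01Z src=10.0.0.5:49812 dst=142.250.74.78:443 proto=tcp",
    "2024-11-06T09:12:07Z src=10.0.0.5:49818 dst=83.97.73.127:19045 proto=tcp",
    "2024-11-06T09:13:40Z src=10.0.0.9:51022 dst=83.97.73.127:8080 proto=tcp",
    "2024-11-06T09:14:00Z kernel: eth0 link up",
]

if __name__ == "__main__":
    for hit in scan_connection_logs(SAMPLE_LOGS):
        label = "C2 contact" if hit["exact"] else "C2 host, other port"
        print(f"{label}: {hit['line']}")
    print(suricata_rule())
```

hash_file() is the entry point for a quarantined file; matches_sample() accepts the dict it returns, or any partial dict such as one built from a single MD5 in a ticket. The port-agnostic host match is deliberate: an exact host:port hit is high confidence, while the same host on another port is worth a look but should not be auto-blocked without checking what else that address serves.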

MITRE ATT&CK Enterprise v15

Tasks