General

  • Target

    f1cb9ecb56a49ec01e79e6aaf46a727472fc1897325b03e64b8cd671c69610e1

  • Size

    731KB

  • Sample

    241106-w67rbawckr

  • MD5

    19dc1eefada8910407fdbcff9827d7dc

  • SHA1

    d1e7b491e3a64d779eea2da2f4e4955b2281e71d

  • SHA256

    f1cb9ecb56a49ec01e79e6aaf46a727472fc1897325b03e64b8cd671c69610e1

  • SHA512

    37fcb201797829355e08285febaacfcd019aee28bf5f4be373d307c3171ab5608a6af01fa8acb636d06560189f4be7f7d86b836642d9b72bc8cada5fb1598cbe

  • SSDEEP

    12288:XMrby90xgePriSEXOTKtOXGWPLsKHoMy4m5Td8IkMk0iBFEC:IyFePqXOqOL5m40d9teEC

Malware Config

Extracted

  • Family

    redline

  • Botnet

    dars

  • C2

    83.97.73.127:19045

  • Attributes

    auth_value: 7cd208e6b6c927262304d5d4d88647fd

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application
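The extracted config and the two behaviour signatures above translate directly into host-side detection logic. The following Python is an added example, not part of the sandbox report or of any tooling it describes: it takes the report's C2 endpoint and file hashes plus the Run-key persistence behaviour and matches them against a handful of constructed, simplified Sysmon-style events (process creation, network connection, registry value set). The event layout, the field names and the "writer lives in a user-writable directory" heuristic are assumptions made for the example, not facts stated by the report.

```python
import re

# Indicators copied from this report (General and Malware Config sections).
C2_IP = "83.97.73.127"
C2_PORT = 19045
SAMPLE_HASHES = {
    "md5": "19dc1eefada8910407fdbcff9827d7dc",
    "sha1": "d1e7b491e3a64d779eea2da2f4e4955b2281e71d",
    "sha256": "f1cb9ecb56a49ec01e79e6aaf46a727472fc1897325b03e64b8cd671c69610e1",
}

# Autorun value written under ...\CurrentVersion\Run or \RunOnce (HKCU or HKLM).
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\[^\\]+$", re.IGNORECASE
)
# Assumed heuristic: a dropped stealer usually runs from a user-writable directory.
USER_WRITABLE_RE = re.compile(
    r"\\(AppData|Temp|ProgramData|Users\\Public)\\", re.IGNORECASE
)


def parse_sysmon_hashes(field):
    """Turn Sysmon's 'MD5=..,SHA256=..,IMPHASH=..' field into {algo: hexdigest}."""
    out = {}
    for part in field.split(","):
        algo, sep, value = part.partition("=")
        if sep:
            out[algo.strip().lower()] = value.strip().lower()
    return out


def match_event(event):
    """Return a list of (rule, detail) hits for one simplified Sysmon event."""
    hits = []
    eid = event.get("EventID")
    image = event.get("Image", "")
    if eid == 1:  # process creation: compare against the sample's hashes
        seen = parse_sysmon_hashes(event.get("Hashes", ""))
        for algo, digest in SAMPLE_HASHES.items():
            if seen.get(algo) == digest:
                hits.append(("redline_sample_hash", f"{algo}={digest} {image}"))
    elif eid == 3:  # network connection: the extracted C2 endpoint
        if event.get("DestinationIp") == C2_IP:
            port = int(event.get("DestinationPort", 0))
            rule = "redline_c2" if port == C2_PORT else "redline_c2_ip_only"
            hits.append((rule, f"{image} -> {C2_IP}:{port}"))
    elif eid == 13:  # registry value set: Run-key persistence
        target = event.get("TargetObject", "")
        if RUN_KEY_RE.search(target):
            # Legitimate installers also write Run keys; a writer in a
            # user-writable directory is the case worth escalating.
            if USER_WRITABLE_RE.search(image):
                rule = "run_key_from_user_writable_path"
            else:
                rule = "run_key_set"
            hits.append((rule, f"{image} wrote {target}"))
    return hits


def scan(events):
    """Run match_event over a list of events; returns [(index, (rule, detail)), ...]."""
    return [(i, hit) for i, ev in enumerate(events) for hit in match_event(ev)]


# Constructed events in a simplified Sysmon shape; not taken from the report.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\victim\AppData\Local\Temp\update.exe",
     "Hashes": "MD5=19DC1EEFADA8910407FDBCFF9827D7DC,"
               "SHA256=F1CB9ECB56A49EC01E79E6AAF46A727472FC1897325B03E64B8CD671C69610E1,"
               "IMPHASH=00000000000000000000000000000000"},
    {"EventID": 3, "Image": r"C:\Users\victim\AppData\Local\Temp\update.exe",
     "DestinationIp": "83.97.73.127", "DestinationPort": "19045"},
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Local\Temp\update.exe",
     "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\update"},
    {"EventID": 13, "Image": r"C:\Program Files\Vendor\setup.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorAgent"},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden"},
    {"EventID": 3, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationIp": "93.184.216.34", "DestinationPort": "443"},
]

if __name__ == "__main__":
    for index, (rule, detail) in scan(SAMPLE_EVENTS):
        print(f"event[{index}] {rule}: {detail}")
```

The hash and C2 matches are point-in-time indicators: RedLine builds and their C2 endpoints are rotated often, so an IP-only hit on a different port is reported separately with lower weight. The Run-key rule by itself fires on every installer that registers an autostart entry, which is why the example splits it on where the writing process lives rather than alerting on the registry write alone.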

MITRE ATT&CK Enterprise v15

Tasks