General

  • Target: 28eea45c41ada0708fe5a8042ac0f4171d13a1c3c45b4731c9fadc009fdb1fe1
  • Size: 731KB
  • Sample: 241107-c99kjawmbl
  • MD5: c4d12d9a88b38333e4c4ac5193449014
  • SHA1: 674d3b3f5f29b907b6b6c394e669555797ba29b6
  • SHA256: 28eea45c41ada0708fe5a8042ac0f4171d13a1c3c45b4731c9fadc009fdb1fe1
  • SHA512: e7ee53f5c80c5d7d2ddc15b6b89e6b1ac4e7cfeacc0eb40d2ef7e185b6ae35b7df2e751f0d0d9a4c599995b9c2b80bd2284acf7ec0f4e44c23c4688a5dd1a3ae
  • SSDEEP: 12288:EMr/y902E65K4iu8TjlJKPk/ILmQcARd7pMq/JDDh/zu8o1fdI0UT:byAgBlcTuk/ICQcqd7ppVDFzkA00

Malware Config

Extracted

  • Family: redline
  • Botnet: dars
  • C2: 83.97.73.127:19045
  • Attributes
    • auth_value: 7cd208e6b6c927262304d5d4d88647fd

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks