General

  • Target

    582989de7a9e598db818a67c5acdd27669cb4415a9c84efe377262028cec0a61

  • Size

    730KB

  • Sample

    241108-vd71yawakd

  • MD5

    4e3d998ba062220cdfd74829bd1d3c18

  • SHA1

    03d7e782bb81f3055847836036160c3cd1e6adc2

  • SHA256

    582989de7a9e598db818a67c5acdd27669cb4415a9c84efe377262028cec0a61

  • SHA512

    878be92bf310d44735c80e72ff0ca66f65c09ec6c88757b67645c076dba0219e79f4b8e68912613a849a27df086c5f163acbf6f3ca24ef7a2b6d9274a810f679

  • SSDEEP

    12288:xMrTy90pUQnXvCp9GGNKUKEhmwV8B9rHb2wugzS8FPcrjvCg4vm:aysKp7cUPmwV8BlxSoPcrD8vm

Malware Config

Extracted

Family

redline

Botnet

dars

C2

83.97.73.127:19045

Attributes

  • auth_value

    7cd208e6b6c927262304d5d4d88647fd

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks