General

  • Target

    3f6c7f04e8a82e6477c22ee81ed09af992129675d960526f2f7282581c5df3db

  • Size

    730KB

  • Sample

    241108-wknfjswgmg

  • MD5

    8b54f943ef46e60db16c7be5d4d08585

  • SHA1

    9cf7edd42652f8ce9810d789a33eb744b2b3382d

  • SHA256

    3f6c7f04e8a82e6477c22ee81ed09af992129675d960526f2f7282581c5df3db

  • SHA512

    b77d577550dfe113055d50d1fc7d23ae43d1dfaa04acf7f8f8bdcfbcfd17169022b6920160243c9cbd004f82341015f1acce67b9017b5529ec9f682793868c39

  • SSDEEP

    12288:BMrcy90b9/SMyipIQtQ9oEXPWfEXhX4ni2W6jFbn++QNgnak:NyQ9aC1WoEXPbXP2W6xY8

Malware Config

Extracted

Family

redline

Botnet

dars

C2

83.97.73.127:19045

Attributes

  • auth_value

    7cd208e6b6c927262304d5d4d88647fd

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks