General

  • Target

    ee2117d864527c90f3fcdd72ee59bc6c3691ee425ea85a265706a43c5ba74b45

  • Size

    479KB

  • Sample

    241109-155b1stdkd

  • MD5

    a5c9756351755d1c54824ef7e3622faf

  • SHA1

    15a8e3ca0c967cfa8492786341255812dfbb78e3

  • SHA256

    ee2117d864527c90f3fcdd72ee59bc6c3691ee425ea85a265706a43c5ba74b45

  • SHA512

    874b68458da5f4c1636e45aa85a0cc1d2b680a3c53ccb4374342b14209206e2087174c8ad0ce1e2d8ca5eb94f0c600d5f5906642e3ce684fb795b8749d740f01

  • SSDEEP

    12288:eMrKy90c2oWTrwXHtb/T/ToGHmHt9D0d:IyJWKNb/T7oeIt9D0d

Malware Config

Extracted

Family

redline

Botnet

dona

C2

217.196.96.101:4132

Attributes

  • auth_value

    9fbb198992bbc83a84ab1f21384813e3

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15