General

  • Target: 0d7860b363bcb804161782210d2509a4caec80265091375380310a097ec685f8
  • Size: 770KB
  • Sample: 241109-158dnswnbr
  • MD5: 0b5f07c9378b643e1a526fa4f8ef50b2
  • SHA1: c7899a68fdad56b3143805bcb9881128e2cbd835
  • SHA256: 0d7860b363bcb804161782210d2509a4caec80265091375380310a097ec685f8
  • SHA512: da8e30558d26d3a2eda217d63bb4a65b4c43c89981b527927d868cd440b94ad1832d281e445481bc6b80db2fb1fd9201c23ea8185887955958527a5349494b7c
  • SSDEEP: 12288:sMrjy90xy7d7HLQnzZcKxXDTLNRPef8qwvIPsW3M0b0YknVT7VHV:Pyw+zcnz+UfLL7DvIEWv3ST7P

Malware Config

Extracted

  • Family: redline
  • Botnet: debro
  • C2: 185.161.248.75:4132
  • Attributes
    • auth_value: 18c2c191aebfde5d1787ec8d805a01a8

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15