General

  • Target

    742b92652c49f93d8b6526cb558d9557a0a4c353ef0b1e7c95b3c34184b94d10

  • Size

    770KB

  • Sample

    241109-16ywmatdnp

  • MD5

    72b7756a18c77dc34b9407e611489efb

  • SHA1

    fb56f9988bbbc4bb6da5484dca40c7419977fc21

  • SHA256

    742b92652c49f93d8b6526cb558d9557a0a4c353ef0b1e7c95b3c34184b94d10

  • SHA512

    e9cfe43437ffbfb305bf7484817d15268c3c2241bebbb09a4af1fcbf249f0c1473b9d9dcde8c1878d01bb9b47035cdd62a535a12ee799faa3cee5aac08a2a1f5

  • SSDEEP

    24576:ayGRjNDNt6EEgiPLsaVVx2CKCjK6ZMrZjTT7nhC5GNo:hiDNt45PLsaVHr5HSjTT7hC5G

Malware Config

Extracted

  • Family

    redline

  • Botnet

    debro

  • C2

    185.161.248.75:4132

  • Attributes

    auth_value: 18c2c191aebfde5d1787ec8d805a01a8

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15