General

  • Target

    5e8eec1d25e26047f0748aa13b1f25bc2cc6828367593c403420de3f4089e12fN

  • Size

    843KB

  • Sample

    241109-17xd7awnfl

  • MD5

    0060f21d8002518dc669236b5c2692b0

  • SHA1

    cef3ed70fd8fb76cee25db7078bbd05945317df1

  • SHA256

    5e8eec1d25e26047f0748aa13b1f25bc2cc6828367593c403420de3f4089e12f

  • SHA512

    890b18b5fec6b7dcc86bd99b7dce56691580fd28cc11c62aa0fe9f48c857ea2ade0ba7de6acda807d9780a811d2096c9a1757e85f19287c0e8043a97537bbb50

  • SSDEEP

    24576:HyK3O3oVgzCcpr1/LVHUSoKqS7/l+Kf7:SK3OCgzCczVUS3dth

Malware Config

Extracted

  • Family

    redline

  • Botnet

    most

  • C2

    185.161.248.73:4164

  • Attributes

    auth_value: 7da4dfa153f2919e617aa016f7c36008

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks