General

  • Target

    1b22c1d7bb807b27928c6e6eb6a0fa4b251af8fd7b5fa9bc507f137122fb3e05

  • Size

    488KB

  • Sample

    241109-1dl2cs1rfz

  • MD5

    68f29a39f40100632730dfc7b51c591e

  • SHA1

    4e32e1842370a0fa7226b07af847616a34595181

  • SHA256

    1b22c1d7bb807b27928c6e6eb6a0fa4b251af8fd7b5fa9bc507f137122fb3e05

  • SHA512

    1e0f6e2dc2e28fe8c96f489d392960184765527d2ec7b1d1bea6402c9b66766df063765670e7cc42ac80824f93001647b981dfbb9f0128aa7c1a85a48855f696

  • SSDEEP

    12288:MMruy90+p3gOWjusfCBdJcbENO2+/M/2NQtzGAoy3Ps:yyzQOCmLhPB5vouPs

Malware Config

Extracted

Family

redline

Botnet

dippo

C2

217.196.96.102:4132

Attributes

  • auth_value

    79490ff628fd6af3b29170c3c163874b
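The hash set in the General section and the extracted config above are the report's actionable output. The following script is an added example, not part of the sandbox report or of any tool it references: it copies those values in as constants, verifies whether a candidate file is the reported sample (all four digests must agree; a partial agreement is flagged rather than accepted), validates the C2 entry as host:port, and emits a Suricata rule for the outbound C2 connection. The sid numbers and the rule message text are assumptions, and the sample bytes in the usage block are constructed placeholders, not the real file.

```python
# Added example (not part of the sandbox report): turn the report's hash set
# and extracted RedLine config into repeatable checks.
import hashlib
import ipaddress

# Hash set copied from the General section of the report.
REPORT_HASHES = {
    "md5": "68f29a39f40100632730dfc7b51c591e",
    "sha1": "4e32e1842370a0fa7226b07af847616a34595181",
    "sha256": "1b22c1d7bb807b27928c6e6eb6a0fa4b251af8fd7b5fa9bc507f137122fb3e05",
    "sha512": "1e0f6e2dc2e28fe8c96f489d392960184765527d2ec7b1d1bea6402c9b66766d"
              "f063765670e7cc42ac80824f93001647b981dfbb9f0128aa7c1a85a48855f696",
}

# Extracted config copied from the Malware Config section.
EXTRACTED_CONFIG = {
    "family": "redline",
    "botnet": "dippo",
    "c2": ["217.196.96.102:4132"],
    "auth_value": "79490ff628fd6af3b29170c3c163874b",
}


def hash_bytes(data: bytes) -> dict:
    """Compute the same four digests the report lists, as lowercase hex."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def verify_sample(data: bytes, report: dict = REPORT_HASHES) -> str:
    """Compare a candidate file against the report's hash set.

    Returns "match" when every listed digest agrees, "mismatch" when none
    do, and "partial" when only some agree. A partial result cannot come
    from an identical file; treat it as mis-copied hashes or a collision
    attempt on a weak digest, never as a match.
    """
    observed = hash_bytes(data)
    results = [observed[alg] == value.lower()
               for alg, value in report.items() if alg in observed]
    if all(results):
        return "match"
    if not any(results):
        return "mismatch"
    return "partial"


def parse_c2(entry: str) -> tuple:
    """Split 'host:port', validate both parts; raises ValueError on bad input."""
    host, sep, port_text = entry.rpartition(":")
    if not sep:
        raise ValueError(f"no port in C2 entry {entry!r}")
    ip = ipaddress.ip_address(host.strip("[]"))  # ValueError for non-IP hosts
    port = int(port_text)
    if not 0 < port < 65536:
        raise ValueError(f"port out of range in {entry!r}")
    return str(ip), port


def suricata_rules(config: dict = EXTRACTED_CONFIG, base_sid: int = 9000001) -> list:
    """Emit one outbound-connection rule per C2 entry (sid values are assumed)."""
    rules = []
    for i, entry in enumerate(config["c2"]):
        ip, port = parse_c2(entry)
        msg = f"MALWARE {config['family']} C2 connection (botnet {config['botnet']})"
        rules.append(
            f"alert tcp $HOME_NET any -> {ip} {port} "
            f'(msg:"{msg}"; flow:to_server; sid:{base_sid + i}; rev:1;)'
        )
    return rules


if __name__ == "__main__":
    sample = b"constructed placeholder, not the real sample"  # constructed input
    print(verify_sample(sample))  # "mismatch": this is not the reported file
    for rule in suricata_rules():
        print(rule)
```

Point verify_sample at the bytes of a file you believe is this sample before relying on the config: the auth_value and C2 belong to this exact build, and a repacked variant with a different hash may carry a different botnet tag or C2.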

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks