General

  • Target

    2014ba58b7c74cf04852310d0b79d075bc764f11f3e02ddab21149ab4736d4b3

  • Size

    488KB

  • Sample

    241109-1wk7satbnd

  • MD5

    31784008d98f1bd3d7b4e1d9aa89f505

  • SHA1

    b4ba09acd97a46946c974504fe903bb5c0867446

  • SHA256

    2014ba58b7c74cf04852310d0b79d075bc764f11f3e02ddab21149ab4736d4b3

  • SHA512

    f340a6979d6341951efb175771c3a41a75a1ea7cfeb4bf81ecfd855d1706ef6dbae63d229df4eb06ac735ba6896cd1fe27740ce319687dbe92850a4eb6c0f799

  • SSDEEP

    6144:KHy+bnr+Xp0yN90QEztpJXfSudHwLk8ZKAfY7G9dIN11Qh6yt06xvQCchOoP8ucO:JMrfy90nTR8k8ZKZ+gIQCcoFu29bHq

Malware Config

Extracted

Family

redline

Botnet

dippo

C2

217.196.96.102:4132

Attributes

  • auth_value

    79490ff628fd6af3b29170c3c163874b

Targets

    • Target

      2014ba58b7c74cf04852310d0b79d075bc764f11f3e02ddab21149ab4736d4b3

    • Size

      488KB

    • MD5

      31784008d98f1bd3d7b4e1d9aa89f505

    • SHA1

      b4ba09acd97a46946c974504fe903bb5c0867446

    • SHA256

      2014ba58b7c74cf04852310d0b79d075bc764f11f3e02ddab21149ab4736d4b3

    • SHA512

      f340a6979d6341951efb175771c3a41a75a1ea7cfeb4bf81ecfd855d1706ef6dbae63d229df4eb06ac735ba6896cd1fe27740ce319687dbe92850a4eb6c0f799

    • SSDEEP

      6144:KHy+bnr+Xp0yN90QEztpJXfSudHwLk8ZKAfY7G9dIN11Qh6yt06xvQCchOoP8ucO:JMrfy90nTR8k8ZKZ+gIQCcoFu29bHq

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application
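
The indicators above (the extracted C2 endpoint, the sample hashes, and the "Executes dropped EXE" / "Adds Run key" behaviours) are what a responder hunts for, so here is an added example, not part of the Triage report, that turns them into detection code. The C2 address and the hashes are copied from the report; the Zeek conn.log excerpt, the Sysmon events, the file paths, the SID and the value name "updater" are constructed for the demo and are not observed artefacts of this sample.

```python
# Added example (not part of the Triage report): turn the indicators above into
# detection code. C2 endpoint and hashes are copied from the report; the log
# lines, Sysmon events, paths and SID below are constructed for the demo.
import re

C2_ENDPOINTS = {("217.196.96.102", 4132)}          # from "Malware Config > C2"
SAMPLE_HASHES = {                                  # from "General"
    "md5": "31784008d98f1bd3d7b4e1d9aa89f505",
    "sha1": "b4ba09acd97a46946c974504fe903bb5c0867446",
    "sha256": "2014ba58b7c74cf04852310d0b79d075bc764f11f3e02ddab21149ab4736d4b3",
}
# Autostart value paths behind the "Adds Run key" signature; only the tail is
# matched so HKCU, HKLM, the Wow6432Node view and RunOnce are all covered.
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\[^\\]+$", re.IGNORECASE)

# Constructed Zeek conn.log excerpt (tab-separated; only the columns we need).
CONN_LOG = (
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\n"
    "1731196800.1\tCx1\t10.0.0.25\t49812\t217.196.96.102\t4132\ttcp\n"
    "1731196801.5\tCx2\t10.0.0.25\t49813\t93.184.216.34\t443\ttcp\n"
    "1731196803.0\tCx3\t10.0.0.31\t49814\t217.196.96.102\t80\ttcp\n"
)

# Constructed Sysmon events (ID 13 = registry value set, ID 1 = process create).
SID = "S-1-5-21-1111111111-2222222222-3333333333-1001"
SYSMON_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\user\AppData\Local\Temp\dropped.exe",
     "ParentImage": r"C:\Users\user\Downloads\sample.exe"},
    {"EventID": 13, "Image": r"C:\Users\user\AppData\Local\Temp\dropped.exe",
     "TargetObject": "HKU\\" + SID + r"\Software\Microsoft\Windows\CurrentVersion\Run\updater",
     "Details": r"C:\Users\user\AppData\Local\Temp\dropped.exe"},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": "HKU\\" + SID + r"\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]


def parse_conn_log(text):
    """Parse the Zeek conn.log columns ts, id.orig_h, id.resp_h, id.resp_p, proto."""
    rows = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        f = line.split("\t")
        if len(f) < 7:
            continue
        rows.append({"ts": f[0], "src": f[2], "dst": f[4], "dport": int(f[5]), "proto": f[6]})
    return rows


def find_c2_connections(rows, ip_only=False):
    """Flows to the extracted C2. The exact (ip, port) tuple is the high-confidence
    match; ip_only=True also catches the same host on another port."""
    ips = {ip for ip, _ in C2_ENDPOINTS}
    return [r for r in rows
            if (r["dst"], r["dport"]) in C2_ENDPOINTS or (ip_only and r["dst"] in ips)]


def find_run_key_writes(events):
    """Sysmon ID 13 writes to a Run/RunOnce value; returns the writing image, the
    value path and the command stored in it, so the persisted path surfaces directly."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 13:
            continue
        target = ev.get("TargetObject", "")
        if RUN_KEY_RE.search(target):
            hits.append({"image": ev.get("Image"), "target": target,
                         "command": ev.get("Details")})
    return hits


def dropped_exes_with_persistence(events):
    """Correlate the two signatures: an image seen starting as a new process (ID 1)
    that then wrote a Run key value."""
    started = {ev["Image"] for ev in events if ev.get("EventID") == 1}
    return [h for h in find_run_key_writes(events) if h["image"] in started]


def match_hashes(md5=None, sha1=None, sha256=None):
    """Case-insensitive comparison of a file's digests against the sample's."""
    found = []
    for name, value in (("md5", md5), ("sha1", sha1), ("sha256", sha256)):
        if value and value.lower() == SAMPLE_HASHES[name]:
            found.append(name)
    return found


if __name__ == "__main__":
    for r in find_c2_connections(parse_conn_log(CONN_LOG), ip_only=True):
        print("C2 flow:", r)
    for h in dropped_exes_with_persistence(SYSMON_EVENTS):
        print("persisted dropped EXE:", h)
```

The exact (ip, port) tuple is the precise indicator the config gives; matching on the IP alone (ip_only=True) is looser and will also flag the constructed port-80 flow, which is the trade-off to weigh on shared or reassigned hosting. The Run-key check deliberately ignores the hive prefix so it works on HKU\<SID>, HKCU and HKLM paths alike, and the correlation with process-create events is what separates "a Run key was written" from "the dropped executable persisted itself".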

MITRE ATT&CK Enterprise v15

Tasks