General

  • Target

    80776976e7badd5e12e9b71bfa32e28d793d22cee246429dda15373f89f8cd36

  • Size

    567KB

  • Sample

    241109-1wzp6swlfq

  • MD5

    893db5149d229ae351ed7c08ff56aa80

  • SHA1

    d348221c87c1ad1ba0aaf52ce730d1c8f5e8a2fa

  • SHA256

    80776976e7badd5e12e9b71bfa32e28d793d22cee246429dda15373f89f8cd36

  • SHA512

    0eae74462ddc9e0fc46cd0b9331239859b0340a3c99940e38e5058801d746cafa9f795b33734ef47ce68c5609d777117758b786570b770c39138e1a655b36a85

  • SSDEEP

    12288:sMriy90Ytn6PUhO2HCgfE2tCbvVdQTWWxD2lAjy/OpJiujQf:2yh5aUBCqCbvVdQTWODhjy/OpJDjg

Malware Config (extracted)

  • Family

    redline

  • Botnet

    darm

  • C2

    217.196.96.56:4138

  • Attributes

    auth_value: d88ac8ccc04ab9979b04b46313db1648

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15
