General

  • Target

    e6bb37fe1405c1956e4a7c20f2b1579f879cf6c7b009b1e748210278ff9bf670

  • Size

    479KB

  • Sample

    241109-2chszstenq

  • MD5

    ffa0d69eb2c5d8d47ee68928bc2dc889

  • SHA1

    18bdc9422307290a953ca83806d0a4d69098f354

  • SHA256

    e6bb37fe1405c1956e4a7c20f2b1579f879cf6c7b009b1e748210278ff9bf670

  • SHA512

    63b25c95e4a7d6e23fe2dc0e49ebfa24228099cc3907198ec2b0c82fc3bd5d16bc59ee7ee69bfd2e1a3783889bd85105a947a9634090fcb47152882d00fbc25c

  • SSDEEP

    12288:fMrgy90PRYNz4ft99ponHwm9Fj48UPnmYaVBD:PyMRYJ4fH9poH9naSBD

Malware Config

Extracted

Family

redline

Botnet

dease

C2

217.196.96.101:4132

Attributes

  • auth_value

    82e4d5f9abc21848e0345118814a4e6c

Targets

    • Target

      e6bb37fe1405c1956e4a7c20f2b1579f879cf6c7b009b1e748210278ff9bf670

    • Size

      479KB

    • MD5

      ffa0d69eb2c5d8d47ee68928bc2dc889

    • SHA1

      18bdc9422307290a953ca83806d0a4d69098f354

    • SHA256

      e6bb37fe1405c1956e4a7c20f2b1579f879cf6c7b009b1e748210278ff9bf670

    • SHA512

      63b25c95e4a7d6e23fe2dc0e49ebfa24228099cc3907198ec2b0c82fc3bd5d16bc59ee7ee69bfd2e1a3783889bd85105a947a9634090fcb47152882d00fbc25c

    • SSDEEP

      12288:fMrgy90PRYNz4ft99ponHwm9Fj48UPnmYaVBD:PyMRYJ4fH9poH9naSBD

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks