General

  • Target

    1f65d82c586d9c8c49c63e4b4efcff17c755783f2c892f4c490443cfa01574bcN

  • Size

    1.5MB

  • Sample

    241109-2dsdtatemd

  • MD5

    ac22837a38adfc6119ce450871ead180

  • SHA1

    c8c53433789cd6d5c1c139e0f6e334b450297dc2

  • SHA256

    1f65d82c586d9c8c49c63e4b4efcff17c755783f2c892f4c490443cfa01574bc

  • SHA512

    4d84f6ca1b151bbd85fcdfbc010962fc4aa23098bdc8ed015f52a8a86c44ef8487d99d78c39baf6e105658c2af66f38e51c1287af08277de7feeda83c34532f2

  • SSDEEP

    24576:HyKeyzRgeDofKI69Ad8+rmciy5DhSBXdBseZu99PzmwxIBXgHf+uFHLdrLPB9lq6:SKNVEKI0+ZigDhSBZMiQ0Xw+Wdtq7asQ

Malware Config

Extracted

Family

redline

Botnet

most

C2

185.161.248.73:4164

Attributes
  • auth_value

    7da4dfa153f2919e617aa016f7c36008

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks