General

  • Target

    671da06e0cdc38a2605147c44b8b1efa97850645a0ddd3aaf3e41e287b341a86

  • Size

    382KB

  • Sample

    241109-2ylrrsthkg

  • MD5

    0bb1c97e1bd107c500ca7e7e76b3faf5

  • SHA1

    f3f25eb6deae1b95475edf3414a9561278a0c1bf

  • SHA256

    671da06e0cdc38a2605147c44b8b1efa97850645a0ddd3aaf3e41e287b341a86

  • SHA512

    9a5d02a32f82f4fb57d34fe6d04e6d267fb0a9228202c1a7fd150e882c9a113e9ef5a61d10019dc1bb9cedb79a460fd6988aa0ea231afbd290334c9ca921e03c

  • SSDEEP

    6144:i6oJbUxaNAwuWJX+20KbX/+bqslsD/fl9VyJTf2:i6oJbU4NAm9B0aP+bqKsj22

Malware Config

Extracted

Family

redline

Botnet

boris

C2

193.233.20.32:4125

Attributes
  • auth_value

    766b5bdf6dbefcf7ca223351952fc38f

Targets

    • Target

      671da06e0cdc38a2605147c44b8b1efa97850645a0ddd3aaf3e41e287b341a86

    • Size

      382KB

    • MD5

      0bb1c97e1bd107c500ca7e7e76b3faf5

    • SHA1

      f3f25eb6deae1b95475edf3414a9561278a0c1bf

    • SHA256

      671da06e0cdc38a2605147c44b8b1efa97850645a0ddd3aaf3e41e287b341a86

    • SHA512

      9a5d02a32f82f4fb57d34fe6d04e6d267fb0a9228202c1a7fd150e882c9a113e9ef5a61d10019dc1bb9cedb79a460fd6988aa0ea231afbd290334c9ca921e03c

    • SSDEEP

      6144:i6oJbUxaNAwuWJX+20KbX/+bqslsD/fl9VyJTf2:i6oJbU4NAm9B0aP+bqKsj22

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

MITRE ATT&CK Enterprise v15

Tasks