General

  • Target

    c9c134e8e57f5a4d182dc64c556b5979339d835fe83f559402ff8776e40787ccN

  • Size

    632KB

  • Sample

    241109-3ayxvsxkfq

  • MD5

    59808eea26c693f5747949af649bb740

  • SHA1

    3f6cacbc31632eb4fad266fef6cb8870b9057736

  • SHA256

    c9c134e8e57f5a4d182dc64c556b5979339d835fe83f559402ff8776e40787cc

  • SHA512

    cfcc685ecc6172b91f72035dcfcdcadfae33b998172ff7036f9112fac19e80999b2755edf6ca34e94062e2817821646d2cde78981f30b82359a73f0e2ca5b8df

  • SSDEEP

    12288:mMrgy905pk9yJrou4Jhhw617qBSO1rTkoj0WcuLgGlB6:6y2k9yCFJ+BSOVkojguLgGG

Malware Config

Extracted

Family

redline

Botnet

zaur

C2

62.204.41.170:4172

Attributes

  • auth_value

    8f24dad16e6d64e3d692e48d05640734

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks