General

  • Target

    5bf9c8353cd8f92bf0629daf77d246b3ab3d20f16e54eab3f003bf5ffc0f0971

  • Size

    752KB

  • Sample

    241109-evtxmsxemr

  • MD5

    3173ad0cf8f92fc0953466c89d9bbf42

  • SHA1

    705c73b4ed0a5caafe0f6ee37ebbceb9bec73aa4

  • SHA256

    5bf9c8353cd8f92bf0629daf77d246b3ab3d20f16e54eab3f003bf5ffc0f0971

  • SHA512

    ee6e800e6f795ebcbac3bdfd2cc9a056e6e2475018ab4ce945f23eb8ae2e5be99ecb9a2ff2ef87fad998e7243c494964092c17c3b462a8f28cfc2b6a9056a4b6

  • SSDEEP

    12288:VMrly90wZDux2x7hTlzs5iCSTYhAhNCPTRul7ISOkfcuqRoIDfPEgz5rXMXmqU0x:MyDueTlzs58N2TRuVMxRRDf8cMXF9

Malware Config

Extracted

Family

redline

Botnet

dars

C2

83.97.73.127:19045

Attributes
  • auth_value

    7cd208e6b6c927262304d5d4d88647fd
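As an added example (not part of the sandbox report), the Python below turns the indicators extracted above into something an analyst can run: it validates that the four digests are well-formed hex of the expected length, hashes a file or byte string and reports which of the listed digests it matches, and flags connection records that hit the extracted C2 endpoint 83.97.73.127:19045. The digest values and the C2 address are copied from the report; the byte string and connection tuples used for input are constructed for the example and are not the real sample or real traffic.

```python
"""Match files and connection records against the indicators in this report.

Added example, not part of the sandbox report. The digests and C2 endpoint are
copied from the report above; every input fed to the functions below is
constructed for illustration (not the real sample, not real traffic).
"""
import hashlib

# Indicators copied verbatim from the report.
REPORT_HASHES = {
    "md5": "3173ad0cf8f92fc0953466c89d9bbf42",
    "sha1": "705c73b4ed0a5caafe0f6ee37ebbceb9bec73aa4",
    "sha256": "5bf9c8353cd8f92bf0629daf77d246b3ab3d20f16e54eab3f003bf5ffc0f0971",
    "sha512": "ee6e800e6f795ebcbac3bdfd2cc9a056e6e2475018ab4ce945f23eb8ae2e5be9"
              "9ecb9a2ff2ef87fad998e7243c494964092c17c3b462a8f28cfc2b6a9056a4b6",
}
REPORT_C2 = ("83.97.73.127", 19045)

# Hex-digest lengths for each algorithm; a mis-copied IOC never matches anything.
EXPECTED_HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
HEX_CHARS = set("0123456789abcdef")


def validate_report_hashes(hashes=REPORT_HASHES):
    """Return the names of any digests that are not lowercase hex of the right length."""
    bad = []
    for algo, digest in hashes.items():
        if len(digest) != EXPECTED_HEX_LEN[algo] or not set(digest) <= HEX_CHARS:
            bad.append(algo)
    return bad


def digest_bytes(data):
    """Compute md5/sha1/sha256/sha512 of an in-memory byte string."""
    return {algo: getattr(hashlib, algo)(data).hexdigest() for algo in EXPECTED_HEX_LEN}


def digest_file(path, chunk_size=1 << 20):
    """Compute all four digests of a file in a single streaming read."""
    hashers = {algo: getattr(hashlib, algo)() for algo in EXPECTED_HEX_LEN}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def matches_sample(digests, hashes=REPORT_HASHES):
    """List the algorithms on which `digests` agrees with the report.

    A sha256 or sha512 match identifies the sample; treat an md5-only match as
    a lead to confirm with a stronger hash, since md5 collisions are practical.
    """
    return [algo for algo, d in digests.items() if hashes.get(algo) == d.lower()]


def is_c2_connection(dst_ip, dst_port, c2=REPORT_C2):
    """True when a destination matches the extracted RedLine C2 endpoint."""
    return (dst_ip, int(dst_port)) == c2


def scan_connections(records, c2=REPORT_C2):
    """Filter (src_ip, dst_ip, dst_port) tuples, e.g. from a Zeek conn.log, for C2 hits."""
    return [r for r in records if is_c2_connection(r[1], r[2], c2)]


if __name__ == "__main__":
    # Constructed inputs: a fake PE header, not the sample; fake flow records.
    print("malformed IOCs:", validate_report_hashes())
    print("matches:", matches_sample(digest_bytes(b"MZ constructed, not the sample")))
    flows = [("10.0.0.5", "83.97.73.127", 19045), ("10.0.0.5", "1.1.1.1", 53)]
    print("C2 hits:", scan_connections(flows))
```

Run with a path argument to `digest_file` to check a quarantined binary; a hit on `sha256` is conclusive, a miss on every algorithm only means this exact build is absent, since RedLine operators repack frequently and the C2 check is then the more durable indicator.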

Targets


    • RedLine

      RedLine Stealer is an information-stealing malware family written in C# (.NET), first seen in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Adds Run key to start application (persistence: the dropped executable is registered under a Run key so it is launched at logon)
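The two behavioural signatures above, a dropped executable being run and a Run key being written, are what a detection engineer would turn into a rule. As an added example (not part of the sandbox report), the Python below applies that logic to Sysmon registry events (Event ID 13, value set): it flags writes under any `CurrentVersion\Run` or `RunOnce` key and rates them higher when the registered command points into a user-writable directory, which is where a freshly dropped stealer lands. The log lines it reads are constructed for the example and the paths in them are hypothetical, not from the report.

```python
"""Detect Run-key persistence in Sysmon Event ID 13 (RegistryEvent, value set).

Added example, not part of the sandbox report. The log lines and paths below
are constructed for illustration and do not come from the analysed sample.
"""
import re

# Autostart keys the 'Adds Run key' signature refers to: HKCU/HKLM Run and RunOnce.
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$", re.IGNORECASE)

# Directories a dropped payload is usually written to; a Run value pointing here is
# more suspicious than one pointing into Program Files.
USER_WRITABLE_RE = re.compile(
    r"\\AppData\\(Local|Roaming)\\|\\Users\\Public\\|\\Temp\\|\\ProgramData\\",
    re.IGNORECASE)


def parse_sysmon_line(line):
    """Parse a flattened 'Key: value|Key: value' Sysmon line into a dict.

    Only the first ':' in each field separates key from value, so Windows
    paths such as C:\\... survive intact.
    """
    fields = {}
    for part in line.split("|"):
        key, _, value = part.partition(":")
        fields[key.strip()] = value.strip()
    return fields


def classify_event(ev):
    """Return None for events that are not Run-key writes, else 'high' or 'medium'."""
    if ev.get("EventID") != "13" or ev.get("EventType") != "SetValue":
        return None
    if not RUN_KEY_RE.search(ev.get("TargetObject", "")):
        return None
    # The value data is the command that will run at logon.
    return "high" if USER_WRITABLE_RE.search(ev.get("Details", "")) else "medium"


def detect_run_key_persistence(lines):
    """Run the classifier over raw log lines; return (severity, image, target, details)."""
    hits = []
    for line in lines:
        ev = parse_sysmon_line(line)
        severity = classify_event(ev)
        if severity:
            hits.append((severity, ev.get("Image"), ev.get("TargetObject"), ev.get("Details")))
    return hits


# Constructed sample log lines (hypothetical hosts, SIDs and paths; not from the report).
SAMPLE_LOG = [
    "EventID: 13|EventType: SetValue|Image: C:\\Users\\victim\\AppData\\Local\\Temp\\svc.exe|"
    "TargetObject: HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc|"
    "Details: C:\\Users\\victim\\AppData\\Local\\Temp\\svc.exe",
    "EventID: 13|EventType: SetValue|Image: C:\\Program Files\\Vendor\\setup.exe|"
    "TargetObject: HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\VendorUpdater|"
    "Details: \"C:\\Program Files\\Vendor\\updater.exe\" /background",
    "EventID: 13|EventType: SetValue|Image: C:\\Windows\\explorer.exe|"
    "TargetObject: HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden|"
    "Details: DWORD (0x00000001)",
    "EventID: 1|Image: C:\\Users\\victim\\AppData\\Local\\Temp\\svc.exe|CommandLine: svc.exe",
]

if __name__ == "__main__":
    for hit in detect_run_key_persistence(SAMPLE_LOG):
        print(" | ".join(hit))
```

The medium-severity path is deliberate: legitimate installers also write Run keys, so the rule separates "Run key written" from "Run key pointing at a user-writable drop location" rather than alerting on every write. Correlating a high hit with a preceding process-creation event for the same image (the "Executes dropped EXE" behaviour) is the natural next join.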
