General

  • Target

    de9629756b67cee663f437ac808d7fde848d6bb3f726235ae171f80de31d30e5

  • Size

    479KB

  • Sample

    241109-fv1wma1mdm

  • MD5

    92dd31e2a5b7543738a644b241b424fb

  • SHA1

    5358b5c9dd42421869709db4308494084d1cdd2c

  • SHA256

    de9629756b67cee663f437ac808d7fde848d6bb3f726235ae171f80de31d30e5

  • SHA512

    7e32309e37990ad69d10a72818b002113a4cd4c0819626a644ae96c8a2ff3972589026f9d57327cb44a7bc15bb6b9f65d73b47f82ae49e6af899d531e90f6657

  • SSDEEP

    12288:MMrqy90UFXArQZuT+Dch2AGgpX+NhO8DLWS3TV/g:Gy5FA8ZuocCgpOO8D131g

Malware Config

Extracted

  • Family

    redline

  • Botnet

    dumud

  • C2

    217.196.96.101:4132

  • Attributes

    auth_value: 3e18d4b90418aa3e78d8822e87c62f5c

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15