General

  • Target

    cff07e1c93bf4ce2a487bfae7a7db831410a8695ba0a46d3166304d7c51e482c

  • Size

    750KB

  • Sample

    241109-lqbc3avncl

  • MD5

    19508619c50e8a7a144c780133f44c8c

  • SHA1

    b862cb6c3ba0eb57c52f32b94c3227b9a2cecfbc

  • SHA256

    cff07e1c93bf4ce2a487bfae7a7db831410a8695ba0a46d3166304d7c51e482c

  • SHA512

    132592ccac0e79c830a222beccae93774b838a2cd7297efeebeb34624117bfebde2ff378523866d398d68e391c1dbfc8fce7eb7e49b136a2afe4f639ed2a64e6

  • SSDEEP

    12288:YMrHy90QhBKZCH7YOGRiAoIM9qoT7IhgsundFVbwZ7ZVLsq5gPxIFThK8vuZ:vyRg67PnP4VuntU7ZN55gZchK8vuZ

Malware Config

Extracted

  • Family

    redline

  • Botnet

    dars

  • C2

    83.97.73.127:19045

  • Attributes

    auth_value: 7cd208e6b6c927262304d5d4d88647fd

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks