General

  • Target

    d493079ff6a8f3e2c09b1920adf79e793ccf165f54d282ecafdfc3ecd73f544b

  • Size

    1.5MB

  • Sample

    241109-m1bl9aslas

  • MD5

    134580d33045b436da01c82557a78c56

  • SHA1

    e4d27ceb165e8135ec40f68f9724e42c16ae1673

  • SHA256

    d493079ff6a8f3e2c09b1920adf79e793ccf165f54d282ecafdfc3ecd73f544b

  • SHA512

    facfc3fb373fa84fb7c546982420f2eb408066e72feac335e47e02c68e2395dda92c081b998d4e82580ef71fcea0045cf874e0ce5e789bd845deaacb1416f6b8

  • SSDEEP

    24576:VyjH9dtVoYhRSqwoaoLyz2Ukh3mrYrEm9wzGcJcbNJ4IB6Ye5UNbvhqSfdyEf6hm:wjH9dQoz8HkRGk9wJCo6QshfdP6gW

Malware Config

Extracted

Family

redline

Botnet

most

C2

185.161.248.73:4164

Attributes

  • auth_value

    7da4dfa153f2919e617aa016f7c36008

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15