General

  • Target: f8f569be55ad5ae9978f241cc61258e3b4acda993a3df0e941281eea344c9c84
  • Size: 772KB
  • Sample: 241109-m41esataqm
  • MD5: 039cb4e36fc235b50dc492c57b36f513
  • SHA1: 75f6afcb7eeedd3b593f3d331edfc6d281b995d9
  • SHA256: f8f569be55ad5ae9978f241cc61258e3b4acda993a3df0e941281eea344c9c84
  • SHA512: 7f573ef178a8df7b04962b99531233c44e547f59ea66b6f73f4e80985d24251b8abcf53243c8dc669d4a739b20dcf806ac2939f535d9fcaebd005fb9d06fd18a
  • SSDEEP: 12288:kMrny90jVZRD1TinRFVMne5e7haaTwovxkyzpBTKpGD9lFfs9Ov0Rf5lkfR2:LyYbDNUtMnew6Yp4p29po5W2

Malware Config

Extracted

  • Family: redline
  • Botnet: dubur
  • C2: 217.196.96.102:4132
  • Attributes
    • auth_value: 32d04179aa1e8d655d2d80c21f99de41

Targets

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Redline family
    • Executes dropped EXE
    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks