General

  • Target

    6f8e1083763c29331a8a89b0e87ce5d3a65082d04b8e17a133f69915e7ec72c7

  • Size

    556KB

  • Sample

    241109-m4felssldz

  • MD5

    86751ccf3450705deb2751f8b9cad5aa

  • SHA1

    cac15580afeddba436d64506885a1dad9728af01

  • SHA256

    6f8e1083763c29331a8a89b0e87ce5d3a65082d04b8e17a133f69915e7ec72c7

  • SHA512

    13f12b8e3ad39bb817cacf61b7fdb0a7b579bb0274ae080f23e81924529592024e2e247d7813e4619009b7b9d851d9fb7ea2a3acdb072b4169b70a10533615bc

  • SSDEEP

    12288:tMrEy905ZclIc1mKHtgUQjGbyIfv1wLxJkNa2shB4eSIS:Zy0YP1btsIfv1mk7shB4eA

Malware Config

Extracted

Family

redline

Botnet

darm

C2

217.196.96.56:4138

Attributes
  • auth_value

    d88ac8ccc04ab9979b04b46313db1648

Targets

    • Target

      6f8e1083763c29331a8a89b0e87ce5d3a65082d04b8e17a133f69915e7ec72c7

    • Size

      556KB

    • MD5

      86751ccf3450705deb2751f8b9cad5aa

    • SHA1

      cac15580afeddba436d64506885a1dad9728af01

    • SHA256

      6f8e1083763c29331a8a89b0e87ce5d3a65082d04b8e17a133f69915e7ec72c7

    • SHA512

      13f12b8e3ad39bb817cacf61b7fdb0a7b579bb0274ae080f23e81924529592024e2e247d7813e4619009b7b9d851d9fb7ea2a3acdb072b4169b70a10533615bc

    • SSDEEP

      12288:tMrEy905ZclIc1mKHtgUQjGbyIfv1wLxJkNa2shB4eSIS:Zy0YP1btsIfv1mk7shB4eA

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks