General

  • Target

    80947e427cebc3d4b956f49b51afc023b04bdb02a1464c09b9b22b045499a7d0

  • Size

    479KB

  • Sample

    241109-m96trawmbk

  • MD5

    024c26756a986627c1c48d4d8149b9fc

  • SHA1

    83dd6d5971c5540cc46bd15855ce0b0f793c0449

  • SHA256

    80947e427cebc3d4b956f49b51afc023b04bdb02a1464c09b9b22b045499a7d0

  • SHA512

    4c4e2ac64997053949fa73e994f58418a98ba780324d014902db5224f98f1397120855853bec00c99aa3d58ccaac010661db83a1a51a4005d900f9982bbdc97c

  • SSDEEP

    12288:fMr0y904n6RAIzqpyAwM7Z4Uy6zk6cLjPU9Z/:jyln6SVnt7Z4UDpKc9Z/

Malware Config

Extracted

Family

redline

Botnet

dippo

C2

217.196.96.102:4132

Attributes

  • auth_value

    79490ff628fd6af3b29170c3c163874b

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application
