General

  • Target

    b96830d626e15af47832dad135a7c41f2aa67ea7eafda539fb21151cad8789a4

  • Size

    488KB

  • Sample

    241109-meh47ssfmq

  • MD5

    e8e22918ff35366ccd2d71612b1d5fee

  • SHA1

    58746d2542539da66a9690111474d0582e64fd53

  • SHA256

    b96830d626e15af47832dad135a7c41f2aa67ea7eafda539fb21151cad8789a4

  • SHA512

    5f2a31e2042c53dfa5c65a68e33eb9d994f0c5d4dd3c74956d86183f50e0cc5a54440ed01b40374f4082ddfb27921be52533896ad07be8e41085b7ccec2f0343

  • SSDEEP

    12288:nMr7y90Fc98lbMBH9BEK2sNDgjrtCj/dI:wyOMBH9BEt2kjoW

Malware Config

Extracted

Family

redline

Botnet

dippo

C2

217.196.96.102:4132

Attributes
  • auth_value

    79490ff628fd6af3b29170c3c163874b

Targets

    • Target

      b96830d626e15af47832dad135a7c41f2aa67ea7eafda539fb21151cad8789a4

    • Size

      488KB

    • MD5

      e8e22918ff35366ccd2d71612b1d5fee

    • SHA1

      58746d2542539da66a9690111474d0582e64fd53

    • SHA256

      b96830d626e15af47832dad135a7c41f2aa67ea7eafda539fb21151cad8789a4

    • SHA512

      5f2a31e2042c53dfa5c65a68e33eb9d994f0c5d4dd3c74956d86183f50e0cc5a54440ed01b40374f4082ddfb27921be52533896ad07be8e41085b7ccec2f0343

    • SSDEEP

      12288:nMr7y90Fc98lbMBH9BEK2sNDgjrtCj/dI:wyOMBH9BEt2kjoW

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks