General

  • Target: 99a5333dfc6a14b55afd756ea0032102162bd7339b07872018e6565278d867bf
  • Size: 479KB
  • Sample: 241109-mgcefasjat
  • MD5: d04dc6931c91c487da949ba487e7b421
  • SHA1: e19c47004bf6f0b2910227e5b328caef85447d27
  • SHA256: 99a5333dfc6a14b55afd756ea0032102162bd7339b07872018e6565278d867bf
  • SHA512: bb0d9cf68845b458f98789665ed060306a2d5fcce8970f0627a1b379d3ae54a8bb5b3104bba978b4c6a801b289baf26ace45e43599de8a6cf294f67df8d584a3
  • SSDEEP: 12288:TMr6y90Ndqa1uBQY6moc5rxKOFqT9WhfDFVNJHIA:1yiwakZP5KTIhfrN91

Malware Config

Extracted

  • Family: redline
  • Botnet: dease
  • C2: 217.196.96.101:4132
  • Attributes
    • auth_value: 82e4d5f9abc21848e0345118814a4e6c

Targets

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Redline family
    • Executes dropped EXE
    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks