General

  • Target

    c4ed87019fdfc17a586e21debdd26cd354fb44744a28726667e2c45995cbbfe7

  • Size

    479KB

  • Sample

    241109-mk3qsssjet

  • MD5

    f37d9c70c40f60f324a71a43dd8b26af

  • SHA1

    bd165dd756a3c644dbd7e291918bd754a71436e7

  • SHA256

    c4ed87019fdfc17a586e21debdd26cd354fb44744a28726667e2c45995cbbfe7

  • SHA512

    6ab44d0bada8c43931c41cabb8903fe779ff95eb25fa4132503679fdcc483537df010561861014d9c0adb3c69d31506dd902a29e0ce4772f4e0b174a58bd7856

  • SSDEEP

    12288:UMrCy90yirwPE09IGDs39eymzg9/0P9qb4v:2yWrA+GDgx69Mo

Malware Config

Extracted

Family

redline

Botnet

dona

C2

217.196.96.101:4132

Attributes
  • auth_value

    9fbb198992bbc83a84ab1f21384813e3
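The file hashes under General and the C2 endpoint extracted above are the indicators a SOC pulls out of a report like this. The following Python is an added example, not part of the sandbox output: it digests a file with the same four algorithms the report lists, and it scans telemetry lines for those hashes and for the C2, separating an exact ip:port match from a host-only match on another port. The log lines are constructed for illustration; the hash values and the C2 are the report's own.

```python
"""IOC matching for the RedLine sample described in this report.

Added example, not part of the sandbox report. The hash values and the C2
endpoint are the report's; the telemetry lines below are constructed.
"""
import hashlib
import re

# Indicators taken from the report above.
FILE_HASHES = {
    "md5": "f37d9c70c40f60f324a71a43dd8b26af",
    "sha1": "bd165dd756a3c644dbd7e291918bd754a71436e7",
    "sha256": "c4ed87019fdfc17a586e21debdd26cd354fb44744a28726667e2c45995cbbfe7",
    "sha512": "6ab44d0bada8c43931c41cabb8903fe779ff95eb25fa4132503679fdcc483537"
              "df010561861014d9c0adb3c69d31506dd902a29e0ce4772f4e0b174a58bd7856",
}
C2_HOST = "217.196.96.101"
C2_PORT = 4132

HASH_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
HASH_RE = re.compile(r"\b(md5|sha1|sha256|sha512)=([0-9a-fA-F]{32,128})\b")
DST_RE = re.compile(r"\bdst=(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\b")

# Constructed sample telemetry (firewall and EDR lines), not real logs.
SAMPLE_LOGS = [
    "2024-11-09T14:02:11Z fw src=10.0.0.17:51233 dst=217.196.96.101:4132 proto=tcp action=allow",
    "2024-11-09T14:02:12Z fw src=10.0.0.17:51234 dst=142.250.74.78:443 proto=tcp action=allow",
    "2024-11-09T14:02:15Z edr host=WS-017 event=process_start "
    "sha256=c4ed87019fdfc17a586e21debdd26cd354fb44744a28726667e2c45995cbbfe7 "
    "path=C:\\Users\\u\\AppData\\Local\\Temp\\setup.exe",
    "2024-11-09T14:03:40Z edr host=WS-018 event=process_start "
    "md5=f37d9c70c40f60f324a71a43dd8b26af path=C:\\Users\\v\\Downloads\\update.exe",
    "2024-11-09T14:05:02Z fw src=10.0.0.22:50111 dst=217.196.96.101:443 proto=tcp action=allow",
]


def file_hashes(data: bytes) -> dict:
    """Digest a file's bytes with the same four algorithms the report lists."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in HASH_LEN}


def is_reported_sample(data: bytes) -> bool:
    """True if any digest of `data` equals the report's value for that algorithm."""
    return any(FILE_HASHES[algo] == digest for algo, digest in file_hashes(data).items())


def match_line(line: str) -> list:
    """Return (kind, indicator) hits for one telemetry line.

    c2_exact: destination is the extracted C2 ip:port (high confidence).
    c2_host:  destination is the C2 host on another port (lower confidence;
              the port comes from the extracted config, the host may be shared).
    hash:     a file digest in the line equals one from the report.
    """
    hits = []
    m = DST_RE.search(line)
    if m:
        host, port = m.group(1), int(m.group(2))
        if host == C2_HOST and port == C2_PORT:
            hits.append(("c2_exact", f"{host}:{port}"))
        elif host == C2_HOST:
            hits.append(("c2_host", host))
    for algo, digest in HASH_RE.findall(line):
        digest = digest.lower()
        if len(digest) == HASH_LEN[algo] and FILE_HASHES[algo] == digest:
            hits.append(("hash", f"{algo}:{digest}"))
    return hits


def scan(lines) -> list:
    """Run match_line over every line; returns (line_index, kind, indicator)."""
    return [(i, kind, ind) for i, line in enumerate(lines) for kind, ind in match_line(line)]


if __name__ == "__main__":
    for i, kind, ind in scan(SAMPLE_LOGS):
        print(f"line {i}: {kind} {ind}")
```

Treat a c2_host hit as a lead to pivot on rather than a block-list entry by itself: the extracted config names the port, and a host-only match says nothing about what else the address serves. An exact ip:port match or a hash match is enough to open an incident on the endpoint.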

Targets

    • Target

      c4ed87019fdfc17a586e21debdd26cd354fb44744a28726667e2c45995cbbfe7

    • RedLine

      RedLine Stealer is an information-stealing malware family written in C#, first seen in early 2020 and sold as malware-as-a-service. It harvests saved browser credentials, cookies and autofill data, cryptocurrency wallets and host information, and sends them to the C2 baked into the build (here 217.196.96.101:4132, with the botnet tag dona and auth_value from the extracted config).

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application (persistence via a Registry Run key, ATT&CK T1547.001)
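The last two signatures describe the dropper pattern: a second executable is written to disk and executed, and a Run key is added so it starts again at logon. As an added example that is not part of the sandbox report, the following Python parses the text form of a `reg export` of a Run key and triages each autostart entry: values pointing at executables in user-writable directories are flagged, and a system-binary name living outside C:\Windows is flagged harder. The registry export is constructed, and the directory markers and system-binary name list are assumptions chosen for illustration, not something the report states.

```python
"""Audit Run-key autostart entries from a registry export.

Added example, not part of the sandbox report; it illustrates the check a
responder would run after the "Adds Run key" signature above. The export text
is constructed, and the path heuristics and system-binary name list are
assumptions, not something the report states.
"""
import re
from pathlib import PureWindowsPath

# Constructed sample: text form of `reg export` for a user's Run key plus one
# unrelated key that the parser must ignore.
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\u\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"Updater"="C:\\Users\\u\\AppData\\Roaming\\svchost.exe"
"Vendor"="\"C:\\Program Files\\Vendor\\agent.exe\""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ShellState"=hex:24,00,00,00
'''

REG_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>.*)"$')
EXE_RE = re.compile(r'^"?(?P<exe>[^"]*?\.exe)"?', re.IGNORECASE)

# Directories an unprivileged user can write to: where droppers land (assumption).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\public\\")
# System binary names that have no business outside C:\Windows (assumption).
SYSTEM_NAMES = {"svchost.exe", "explorer.exe", "csrss.exe", "lsass.exe", "winlogon.exe"}


def reg_unescape(value: str) -> str:
    """Undo .reg string escaping (backslash-escaped backslashes and quotes)."""
    return re.sub(r"\\(.)", r"\1", value)


def parse_run_keys(text: str):
    """Yield (key, value_name, command) for every value under a key named Run."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = REG_VALUE_RE.match(line)
        if m and key and key.lower().endswith("\\run"):
            yield key, m.group("name"), reg_unescape(m.group("value"))


def classify(command: str):
    """Return (verdict, exe_path). Verdicts, strongest first: masquerade,
    user_writable, ok; unparsed when no .exe path is found in the command."""
    m = EXE_RE.match(command)
    if not m:
        return "unparsed", None
    exe = m.group("exe")
    low = exe.lower()
    if PureWindowsPath(low).name in SYSTEM_NAMES and not low.startswith("c:\\windows\\"):
        return "masquerade", exe
    if any(marker in low for marker in USER_WRITABLE):
        return "user_writable", exe
    return "ok", exe


def audit(text: str) -> list:
    """Classify every Run-key entry in a .reg export as (name, verdict, exe)."""
    results = []
    for _key, name, command in parse_run_keys(text):
        verdict, exe = classify(command)
        results.append((name, verdict, exe))
    return results


if __name__ == "__main__":
    for name, verdict, exe in audit(SAMPLE_REG_EXPORT):
        print(f"{verdict:14} {name}: {exe}")
```

The user_writable verdict is a triage cue, not a conviction: legitimate per-user installers (the OneDrive entry in the sample) also autostart from AppData. What makes an entry actionable is correlating the target file with the hashes in this report, or with the masquerade pattern of a system binary name under a user profile.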

MITRE ATT&CK Enterprise v15

Tasks