General

  • Target

    c8b3116f0a932143b511a30dfe1d004c1742842e52dc6191a495a0043a6fa203

  • Size

    751KB

  • Sample

    241109-vvxarsxpa1

  • MD5

    0f4b904b790a1185909db173d807b8b8

  • SHA1

    7da854c06b59a6f3adc1adbd5de7efd800badb96

  • SHA256

    c8b3116f0a932143b511a30dfe1d004c1742842e52dc6191a495a0043a6fa203

  • SHA512

    e94b880c77304072ecb4398bf697eb821a47e6b6c8d562f2a14320001b19e21721593004c737638c4ccdc3542b1f3e168cce55c72dc1888153f34cf3c7e18fda

  • SSDEEP

    12288:uMrpy90Bx1TQNZdaiE6DGl30+qiOjfR5TP2bmqnzrCjKgYleCYdL6E:/yu2NHaRmGl30+YDRtuyqnSjssCYwE

Malware Config

Extracted

Family

redline

Botnet

dars

C2

83.97.73.127:19045

Attributes

  • auth_value

    7cd208e6b6c927262304d5d4d88647fd

Targets

    • Target

      c8b3116f0a932143b511a30dfe1d004c1742842e52dc6191a495a0043a6fa203

    • Size

      751KB

    • MD5

      0f4b904b790a1185909db173d807b8b8

    • SHA1

      7da854c06b59a6f3adc1adbd5de7efd800badb96

    • SHA256

      c8b3116f0a932143b511a30dfe1d004c1742842e52dc6191a495a0043a6fa203

    • SHA512

      e94b880c77304072ecb4398bf697eb821a47e6b6c8d562f2a14320001b19e21721593004c737638c4ccdc3542b1f3e168cce55c72dc1888153f34cf3c7e18fda

    • SSDEEP

      12288:uMrpy90Bx1TQNZdaiE6DGl30+qiOjfR5TP2bmqnzrCjKgYleCYdL6E:/yu2NHaRmGl30+YDRtuyqnSjssCYwE

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application
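
Putting the report's indicators to work: the file hashes from General, the C2 host:port from the extracted config, and the "Adds Run key to start application" signature can each be turned into a check that runs over endpoint telemetry. The block below is an added example, not part of the sandbox report or of any tool it references. The indicator values are copied from the page; the event field names (EventID, Image, DestinationIp, DestinationPort, TargetObject) follow Sysmon's schema, but the event records, the dropped-file path and the registry value name are constructed for illustration.

```python
"""Added example, not part of the sandbox report: turn the report's
indicators (hashes, C2, Run-key persistence) into checks that run over
Sysmon-style events. Field names and the sample events are assumptions
constructed for illustration; the indicator values are copied from the page."""
import hashlib
import ipaddress
import json
import re

# Indicators copied from the report above (lower-case hex).
IOC_HASHES = {
    "md5": "0f4b904b790a1185909db173d807b8b8",
    "sha1": "7da854c06b59a6f3adc1adbd5de7efd800badb96",
    "sha256": "c8b3116f0a932143b511a30dfe1d004c1742842e52dc6191a495a0043a6fa203",
}
IOC_C2 = "83.97.73.127:19045"

# Autorun locations behind the "Adds Run key to start application" signature
# (RunOnce is included as an assumption; the report only names "Run key").
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE
)


def hash_bytes(data: bytes) -> dict:
    """Compute the same digests the report lists, for comparison with IOC_HASHES."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in IOC_HASHES}


def hashes_match(observed: dict) -> bool:
    """True if any observed digest equals the report's digest for that algorithm."""
    return any(observed.get(alg, "").lower() == h for alg, h in IOC_HASHES.items())


def parse_c2(spec: str) -> tuple:
    """Split the extracted 'host:port' C2 string; rejects non-IP hosts and bad ports."""
    host, sep, port = spec.rpartition(":")
    if not sep:
        raise ValueError(f"no port in C2 spec: {spec!r}")
    ipaddress.ip_address(host)          # ValueError if the host is not an IP literal
    port_num = int(port)
    if not 0 < port_num < 65536:
        raise ValueError(f"port out of range: {port_num}")
    return host, port_num


def triage_events(events: list) -> list:
    """Flag Sysmon events that reach the report's C2 (EventID 3) or set a
    value under a Run/RunOnce key (EventID 13)."""
    c2_host, c2_port = parse_c2(IOC_C2)
    hits = []
    for ev in events:
        eid = ev.get("EventID")
        if (eid == 3 and ev.get("DestinationIp") == c2_host
                and int(ev.get("DestinationPort", 0)) == c2_port):
            hits.append({"rule": "redline_c2", "image": ev.get("Image")})
        elif eid == 13 and RUN_KEY_RE.search(ev.get("TargetObject", "")):
            hits.append({"rule": "run_key_persistence", "image": ev.get("Image"),
                         "key": ev["TargetObject"]})
    return hits


def triage_jsonl(text: str) -> list:
    """Same check over newline-delimited JSON, one event per line (blank lines skipped)."""
    return triage_events([json.loads(line) for line in text.splitlines() if line.strip()])


# Constructed sample events; the paths and the dropped-file name are made up.
SAMPLE_JSONL = "\n".join(json.dumps(e) for e in [
    {"EventID": 1, "Image": "C:\\Users\\user\\Desktop\\sample.exe"},
    {"EventID": 3, "Image": "C:\\Users\\user\\AppData\\Local\\Temp\\dropped.exe",
     "DestinationIp": "83.97.73.127", "DestinationPort": "19045"},
    {"EventID": 3, "Image": "C:\\Windows\\System32\\svchost.exe",
     "DestinationIp": "192.0.2.10", "DestinationPort": "443"},
    {"EventID": 13, "Image": "C:\\Users\\user\\AppData\\Local\\Temp\\dropped.exe",
     "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\dropped",
     "Details": "C:\\Users\\user\\AppData\\Local\\Temp\\dropped.exe"},
])


if __name__ == "__main__":
    for hit in triage_jsonl(SAMPLE_JSONL):
        print(hit)
```

The hash comparison is exact-match only; the SSDEEP value in the report is for fuzzy matching against repacked variants and needs the ssdeep library, which this example deliberately leaves out. Matching on the C2 IP:port is brittle (operators rotate infrastructure), so treat the Run-key write by a freshly dropped executable as the more durable of the two signals.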

MITRE ATT&CK Enterprise v15

Tasks