General

  • Target: f250a3cf12a638f95d1305b330981460f8efe09468b3fad0fbc4ccbdb55fe9c2
  • Size: 645KB
  • Sample: 241109-yd7lyszmdx
  • MD5: 6e853c05aab2604f12fb8780f450f66e
  • SHA1: 03b3b0860616eeaec7de0c442d970f1abd245506
  • SHA256: f250a3cf12a638f95d1305b330981460f8efe09468b3fad0fbc4ccbdb55fe9c2
  • SHA512: 56794801372e6c60b7f48baa5b2d44d0841a17f5ecb6d1b9c47f6d105c121ff14c2a8ff138adbec0fc1b56a4dc66e5cb7ec6deb9c1066393b5010fdb914b7d2b
  • SSDEEP: 12288:tMrBy90gDP+bN46tPWIvt6FEvuTwhLruXHSKEvoB2u3pxhNo9pwoP:0yqNPWevUCLruXyvor3pxzo8oP

Malware Config

Extracted

  • Family: redline
  • Botnet: darm
  • C2: 217.196.96.56:4138
  • Attributes
    • auth_value: d88ac8ccc04ab9979b04b46313db1648

Targets

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Redline family
    • Executes dropped EXE
    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks