General

  • Target

    4de1b6e4d353f8577d54f88141e1b432436ef7f2dea66af0929d71c4c583802e

  • Size

    641KB

  • Sample

    241109-ynec6atnbk

  • MD5

    53bbd67c90ff25f8d3abd3c382c0b112

  • SHA1

    0116e538e1cce6ee406a3d48443a2df54d9676e4

  • SHA256

    4de1b6e4d353f8577d54f88141e1b432436ef7f2dea66af0929d71c4c583802e

  • SHA512

    fe5ed5344d014f6b1b92054deb9ee2c0118ff707a42a8a85cee08d3634237944bdd80472914af841469cbdf9ed282a1fdbc3bc1b9f00c2d8b3a3ea5ba40585ef

  • SSDEEP

    12288:oMrDy90KSgMlYZL0OrN5C5AUs8S1VYfPg1Kw83Af:7yJ0OK5AztVYf41YQ

Malware Config

Extracted

  • Family

    redline

  • Botnet

    darm

  • C2

    217.196.96.56:4138

  • Attributes

    • auth_value

      d88ac8ccc04ab9979b04b46313db1648

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks