General

  • Target

    0bf61c54c2ec4f608da49f2b2f831d01377a5350cfab03e007d1ad4addadd012

  • Size

    632KB

  • Sample

    241109-z2agssvpbl

  • MD5

    7819b54eab4d63fd1fd46827166c00f8

  • SHA1

    1ab7cb6b00a691280e007ebddd45997c862d1757

  • SHA256

    0bf61c54c2ec4f608da49f2b2f831d01377a5350cfab03e007d1ad4addadd012

  • SHA512

    9e1ddb9545e03f8d3231cf46e3e6bbc4b1ef7e7d493cb71c8fc6ecaf63774c2b59aeb4be1962b501d35a036b986c4c35f5f0f23f421bfab58420e8f6e29876f8

  • SSDEEP

    12288:0MrBy90Ws4g6RJXCSO1rTIcjXZcupTd5ppfnYVl:9yQX67CSOVIcjKu35Lfne

Malware Config

Extracted

  • Family

    redline

  • Botnet

    zaur

  • C2

    62.204.41.170:4172

  • Attributes

    auth_value: 8f24dad16e6d64e3d692e48d05640734

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15
