General

  • Target

    bd25dd5a0bc5581b4034d74d3dee33d93790581ade64326f47af5f27ef27d5f4

  • Size

    751KB

  • Sample

    241109-z81mkavqbq

  • MD5

    a90916d5882c5200306128f2b89b103a

  • SHA1

    62dac88e952c822a149c31e51d9c719aeff0a918

  • SHA256

    bd25dd5a0bc5581b4034d74d3dee33d93790581ade64326f47af5f27ef27d5f4

  • SHA512

    507dc032fb98756205c7e4875ba86872afc244040e2ad8100af2e8d652b8ae0dad0f5a065644f59e299a82f20489a175b8cde4c66227a0a33f2b4879827996b5

  • SSDEEP

    12288:kMr/y90RK+E2wBRKG4QoG4+Lyog5tQ9oNGWp8TyjjmCQeOwneNzaKkszwoCGbrzW:7yN2wuZGFgXWoNqTIqCQe8BUoCQa

Malware Config

Extracted

  • Family

    redline

  • Botnet

    dars

  • C2

    83.97.73.127:19045

  • Attributes

    auth_value: 7cd208e6b6c927262304d5d4d88647fd

Targets

    • Target

      bd25dd5a0bc5581b4034d74d3dee33d93790581ade64326f47af5f27ef27d5f4

    • Size

      751KB

    • MD5

      a90916d5882c5200306128f2b89b103a

    • SHA1

      62dac88e952c822a149c31e51d9c719aeff0a918

    • SHA256

      bd25dd5a0bc5581b4034d74d3dee33d93790581ade64326f47af5f27ef27d5f4

    • SHA512

      507dc032fb98756205c7e4875ba86872afc244040e2ad8100af2e8d652b8ae0dad0f5a065644f59e299a82f20489a175b8cde4c66227a0a33f2b4879827996b5

    • SSDEEP

      12288:kMr/y90RK+E2wBRKG4QoG4+Lyog5tQ9oNGWp8TyjjmCQeOwneNzaKkszwoCGbrzW:7yN2wuZGFgXWoNqTIqCQe8BUoCQa

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Adds Run key to start application (persistence through a Windows Registry Run key)
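The hashes, the extracted C2 (83.97.73.127:19045) and the "Adds Run key" signature are the only indicators this report supplies. The following script is an added example by the editor, not code from the Triage report or from RedLine, and shows how an analyst would hunt for exactly those three things: file hash comparison, flows to the C2 in Zeek conn.log-style records, and SetValue events under Run/RunOnce in Sysmon Event ID 13 summaries. The log lines are constructed for illustration, and the flattened "TargetObject=... Image=..." layout is an assumption about how a SIEM exports the event.

```python
"""
Hunt for the IOCs in the report above (SHA256, C2 83.97.73.127:19045,
Run-key persistence) across constructed log lines.
Editor's example; not part of the Triage report or of RedLine.
"""
import hashlib
import re

# Indicators copied from the report.
SAMPLE_SHA256 = "bd25dd5a0bc5581b4034d74d3dee33d93790581ade64326f47af5f27ef27d5f4"
C2_IP = "83.97.73.127"
C2_PORT = 19045

# Constructed Zeek conn.log-style records: ts, uid, orig_h, orig_p, resp_h, resp_p, proto.
# The addresses other than the C2 and all uids are made up.
CONN_LOG = (
    "1731196800.1\tCAbc1\t10.0.0.5\t49812\t83.97.73.127\t19045\ttcp\n"
    "1731196801.2\tCAbc2\t10.0.0.5\t49813\t142.250.74.46\t443\ttcp\n"
    "1731196802.3\tCAbc3\t10.0.0.7\t51002\t83.97.73.127\t443\ttcp\n"
)

# Constructed Sysmon Event ID 13 (RegistryEvent SetValue) summaries, one per line.
# Assumption: the SIEM flattened each event to "TargetObject=<key> Image=<writer>".
REG_EVENTS = r"""
TargetObject=HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater Image=C:\Users\u\AppData\Roaming\svc.exe
TargetObject=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Foo\DisplayName Image=C:\Windows\msiexec.exe
TargetObject=HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\x Image=C:\Temp\drop.exe
"""


def sha256_hex(data: bytes) -> str:
    """SHA256 of a byte string, for comparing a suspect file against SAMPLE_SHA256."""
    return hashlib.sha256(data).hexdigest()


def is_known_sample(data: bytes) -> bool:
    """True only for the exact file described in the report."""
    return sha256_hex(data) == SAMPLE_SHA256


def find_c2_connections(conn_log: str) -> list:
    """Return (uid, confidence) for flows to the C2 host.
    Exact ip:port is 'high'; the same IP on another port is 'medium', so a
    rebuilt sample that keeps the host but changes the port still surfaces."""
    hits = []
    for line in conn_log.splitlines():
        fields = line.split("\t")
        if len(fields) < 7:
            continue  # skip header/comment/short lines
        uid, resp_h, resp_p = fields[1], fields[4], int(fields[5])
        if resp_h == C2_IP:
            hits.append((uid, "high" if resp_p == C2_PORT else "medium"))
    return hits


# Matches Run and RunOnce under HKCU (seen as HKU\<SID> in Sysmon), HKLM and WOW6432Node.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE)
EVENT_RE = re.compile(r"TargetObject=(?P<target>\S+)\s+Image=(?P<image>\S+)")


def find_run_key_persistence(events: str) -> list:
    """Return (image, target) pairs for SetValue events that write a Run/RunOnce value."""
    out = []
    for line in events.splitlines():
        m = EVENT_RE.search(line)
        if m and RUN_KEY_RE.search(m.group("target")):
            out.append((m.group("image"), m.group("target")))
    return out


if __name__ == "__main__":
    print("C2 flows:", find_c2_connections(CONN_LOG))
    print("Run-key writes:", find_run_key_persistence(REG_EVENTS))
    print("Known sample?", is_known_sample(b"not the sample"))
```

On real data, point `find_c2_connections` at a conn.log export and `find_run_key_persistence` at Sysmon Event ID 13 records; the Run-key check is generic to the signature and will also catch benign installers, so treat it as a pivot to the writing image rather than an alert on its own.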
