General

  • Target: f9390d54be028fe7f19899d0c816d1298704003647d5977442877215bf9c59f3
  • Size: 479KB
  • Sample: 241109-zd1n3ssajr
  • MD5: 19c1f800c25bf9bd9a92469482a4549c
  • SHA1: d5bc7ae493dda8372e1203cd448adf37367e804b
  • SHA256: f9390d54be028fe7f19899d0c816d1298704003647d5977442877215bf9c59f3
  • SHA512: d211afbbbad50e4e10f2e2865749322548da364daf938334a9040ba97921d07a179874f38a7dfd8faa949d7fc60cfe12ab5a30738ddc4f55ec16badae3cce5cb
  • SSDEEP: 12288:lMrry90wbXUtPjZUN0qE8kF91rqHgwzISk0hi:ayOZKPfkFzogwzIgc

Malware Config

Extracted

  • Family: redline
  • Botnet: diwer
  • C2: 217.196.96.101:4132

Attributes
  • auth_value: 42abfa9e4f2e290c8bdbc776fd9bb6ad

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application
