General

  • Target

    747b9652359501d2aa346d2861e9cb9ea5305e685830434b3de4b3d860eaab8c

  • Size

    479KB

  • Sample

    241109-zdxmesvjhl

  • MD5

    1c7b8ec4a4f311498e47eb720160bb46

  • SHA1

    849dbbf6c9f4d7d2f90d609b1988ed660d23fd7d

  • SHA256

    747b9652359501d2aa346d2861e9cb9ea5305e685830434b3de4b3d860eaab8c

  • SHA512

    66bb4c9d6d2e8314f53e1996a89fb8f19ae98d474d6e4e03415ba813f2a849b3b4880630416416f6771f0f8aa73e07e67f5a84de75a7ff65088e516424eae48b

  • SSDEEP

    12288:SMrey90qsKAogS90r+N8LBqMbL1VFULI1rqEwZLrfk:wytsKZg60rDBlF7Lrz+r8

Malware Config

Extracted

  • Family

    redline

  • Botnet

    domor

  • C2

    217.196.96.101:4132

Attributes
  • auth_value

    39471bda00546bb0435bc7adfd6881dc

Targets

    • Target

      747b9652359501d2aa346d2861e9cb9ea5305e685830434b3de4b3d860eaab8c

    • RedLine

      RedLine Stealer is an information-stealing malware family written in C# (.NET), first seen in early 2020. It harvests saved browser credentials and cookies, cryptocurrency wallet files and system information and sends them to an operator-controlled C2; the extracted config above gives this sample's C2 endpoint and botnet identifier.

    • RedLine payload

    • Redline family

    • Executes dropped EXE (runs a second-stage binary it wrote to disk)

    • Adds Run key to start application (registry Run-key persistence)
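The indicators above (file hashes and the extracted C2 endpoint) are the pieces a responder actually pivots on. The following is an added example, not part of the sandbox report or the Tria.ge tooling: a small offline IOC matcher that hashes local files against the listed digests and scans connection-log lines for the RedLine C2. The log line format and the SAMPLE_LOG entries are constructed for illustration, not taken from any real sensor.

```python
"""Offline IOC matcher built from the indicators in the report above.

Added example, not part of the sandbox report. It hashes files against the
reported digests and scans connection-log lines for the extracted C2.
The log format handled by _CONN_RE is a constructed illustration.
"""
import hashlib
import re
from typing import Dict, Iterable, List, Optional

HASH_ALGOS = ("md5", "sha1", "sha256", "sha512")

# File hashes as listed in the General section of the report.
FILE_HASHES: Dict[str, str] = {
    "md5": "1c7b8ec4a4f311498e47eb720160bb46",
    "sha1": "849dbbf6c9f4d7d2f90d609b1988ed660d23fd7d",
    "sha256": "747b9652359501d2aa346d2861e9cb9ea5305e685830434b3de4b3d860eaab8c",
    "sha512": "66bb4c9d6d2e8314f53e1996a89fb8f19ae98d474d6e4e03415ba813f2a849b3"
              "b4880630416416f6771f0f8aa73e07e67f5a84de75a7ff65088e516424eae48b",
}

# C2 endpoint from the Malware Config section.
C2_HOST = "217.196.96.101"
C2_PORT = 4132


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Hex digests of an in-memory blob for all four algorithms."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in HASH_ALGOS}


def hash_file(path: str) -> Dict[str, str]:
    """Hash a file in 1 MiB chunks so large files need not fit in memory."""
    hashers = {algo: hashlib.new(algo) for algo in HASH_ALGOS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def match_hashes(digests: Dict[str, str]) -> List[str]:
    """Names of the algorithms whose digest equals the reported sample's."""
    return [algo for algo, value in digests.items()
            if FILE_HASHES.get(algo, "").lower() == value.lower()]


# Constructed format: "<ts> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <proto>"
_CONN_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)\s+(?P<proto>\S+)"
)


def find_c2_connections(lines: Iterable[str], host: str = C2_HOST,
                        port: Optional[int] = C2_PORT) -> List[Dict[str, str]]:
    """Parsed connections whose destination is the C2 host (and port, unless
    port is None, which matches any port on that host). Unparseable lines are
    skipped so a partly malformed log still yields the hits it contains."""
    hits: List[Dict[str, str]] = []
    for line in lines:
        m = _CONN_RE.match(line.strip())
        if not m or m.group("dst") != host:
            continue
        if port is not None and int(m.group("dport")) != port:
            continue
        hits.append(m.groupdict())
    return hits


# Constructed sample log lines, not from a real sensor.
SAMPLE_LOG = [
    "2024-11-09T12:00:01Z 10.0.0.5:51234 -> 142.250.72.46:443 TCP",
    "2024-11-09T12:00:07Z 10.0.0.5:51235 -> 217.196.96.101:4132 TCP",
    "2024-11-09T12:00:09Z 10.0.0.5:51236 -> 217.196.96.101:80 TCP",
    "garbage line that will not parse",
    "2024-11-09T12:01:30Z 10.0.0.9:49152 -> 217.196.96.101:4132 TCP",
]

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        matched = match_hashes(hash_file(path))
        print(f"{path}: {'MATCH ' + ','.join(matched) if matched else 'no match'}")
    for hit in find_c2_connections(SAMPLE_LOG):
        print(f"C2 connection: {hit['ts']} {hit['src']}:{hit['sport']} "
              f"-> {hit['dst']}:{hit['dport']}")
```

Run it as `python ioc_match.py <file>...` to hash suspect files; the C2 scan runs over the constructed SAMPLE_LOG. Passing `port=None` widens the match to any port on the C2 host, which is worth doing in practice because RedLine operators rotate ports on the same infrastructure far more often than they rotate IPs.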

MITRE ATT&CK Enterprise v15

Tasks