General

  • Target

    dc50de3b3a5f36472c322b8b589c0e5be7e7973dcafe394b5908f0af62466452

  • Size

    1.5MB

  • Sample

    241109-zflb6s1khw

  • MD5

    2b1c6390a0ef55d9994ceac8855d9513

  • SHA1

    9ef987d78b9f3c412bfdfcdd818160afa390f2ef

  • SHA256

    dc50de3b3a5f36472c322b8b589c0e5be7e7973dcafe394b5908f0af62466452

  • SHA512

    9798310aea061f447f6685dd10fbfce2435a8e1c026188574afa77a125b383bf81e231e19c59ba2b96fb8ae9bdb404885450217878a9458ab0ce8755f25e9b26

  • SSDEEP

    24576:pyU3Q90OWeKqdzA6jzibiXytKQ/RtlG6PAKD6Xw2q0WybcVb462:cUqRbKq66fGKQ//BHDlPlybcVb

Malware Config

Extracted

  • Family

    redline

  • Botnet

    most

  • C2

    185.161.248.73:4164

  • Attributes

    • auth_value

      7da4dfa153f2919e617aa016f7c36008

Targets

    • Target

      dc50de3b3a5f36472c322b8b589c0e5be7e7973dcafe394b5908f0af62466452

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application
