General

  • Target

    bcf16704ce7e8ca95c6b690e58062ff1e9e54134655b81a105a1c3ba62ad05e0

  • Size

    479KB

  • Sample

    241109-znawea1mcx

  • MD5

    48d45f33b0470d9deaa617b3f1c58f43

  • SHA1

    1f09b8721ed61f11f40eb041569461ff80b45543

  • SHA256

    bcf16704ce7e8ca95c6b690e58062ff1e9e54134655b81a105a1c3ba62ad05e0

  • SHA512

    e7ee5610759cd99fc5e74f744c6c98fb77178d5027ad489eb8cff4fd500e8e8473f7ef08704bf7aeefb43cb6ae5b08ef4f347e7ddc80b667fa7f5412e1cfcb5d

  • SSDEEP

    12288:BMrky9028BYxvUpEnSpLEb2dVVVMFD7Vn7:tyyYx8iSpLEy9V2p

Malware Config

Extracted

Family

redline

Botnet

dona

C2

217.196.96.101:4132

Attributes

  • auth_value

    9fbb198992bbc83a84ab1f21384813e3

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15