General

  • Target

    5b52f9fd7c818323d45f1ba999d3111d293493ee59681c84bf14ff7ba5c4828f

  • Size

    479KB

  • Sample

    241109-znqa4ascje

  • MD5

    91c76f2a9e7285184b7d55de212dcff4

  • SHA1

    bddf326aa81e94b0c793efdbf2d0f6e913ea77e8

  • SHA256

    5b52f9fd7c818323d45f1ba999d3111d293493ee59681c84bf14ff7ba5c4828f

  • SHA512

    b2954f54310cacb95fde8291bd8cf46bd12a38731e5eb88d4f5b4f897e604a687af3459756504f348d8063a046e45820e44e2f058f0f744897a4c18a02d9e56e

  • SSDEEP

    12288:CMruy90xlD9WFGRq3901pXGmATE/Z9buS8gzbyqL5o2:4ymXWFRmpWxTEKSv+Ky2

Malware Config

Extracted

Family

redline

Botnet

ditro

C2

217.196.96.101:4132

Attributes

  • auth_value

    8f24ed370a9b24aa28d3d634ea57912e

Targets

    • Target

      5b52f9fd7c818323d45f1ba999d3111d293493ee59681c84bf14ff7ba5c4828f

    • RedLine

      RedLine Stealer is an information-stealing malware family written in C#, first observed in early 2020 and sold as malware-as-a-service. It harvests saved browser credentials, cookies and autofill data, cryptocurrency wallet files and other client secrets, and exfiltrates them to an operator-configured C2 (here 217.196.96.101:4132).

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Adds Run key to start application
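
The last two signatures describe how this sample persists: it drops an executable and registers it under a Run key so it is relaunched at logon. The following PowerShell is an added hunting example, not part of the sandbox report or of any vendor tooling. It enumerates the Run and RunOnce keys in HKCU and HKLM (including the Wow6432Node view), resolves each value to an executable, and flags entries whose binary lives in a user-writable directory, lacks a valid Authenticode signature, or hashes to the sample SHA256 above; it also looks for live TCP sessions to the C2 extracted from the config. It goes beyond the single Run-key behaviour the report records: the set of keys, the "user-writable" directory list, the path-extraction regex and the signature heuristic are this example's assumptions, and only the SHA256 and C2 endpoint come from the page.

```powershell
# Added hunting example, not part of the sandbox report. Assumes a Windows host,
# PowerShell 5.1 or later, and an elevated session so HKLM is readable.
# Only the two IOC values below come from the report; the rest is heuristic.
$SampleSha256 = '5b52f9fd7c818323d45f1ba999d3111d293493ee59681c84bf14ff7ba5c4828f'
$C2Address    = '217.196.96.101'
$C2Port       = 4132

# Autostart keys matching the "Adds Run key" signature (assumption: this set,
# including the 32-bit view on 64-bit Windows, is what we inspect).
$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Directories an unprivileged user can write to (assumption: heuristic list).
# A dropped EXE persisting from one of these is suspicious; installed software
# normally lives under Program Files.
$UserWritable = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:ProgramData, $env:PUBLIC) |
    Where-Object { $_ }

function Get-ExePathFromCommand {
    # Pull the executable out of a Run value such as
    #   "C:\Users\x\AppData\Roaming\svc.exe" --silent   or   %TEMP%\a.exe -k
    param([string]$Command)
    if ($Command -match '^\s*"([^"]+)"')        { $path = $Matches[1] }   # quoted path
    elseif ($Command -match '^\s*(\S+?\.exe)')  { $path = $Matches[1] }   # bare path ending in .exe
    else                                        { $path = ($Command -split '\s+')[0] }
    return [Environment]::ExpandEnvironmentVariables($path)
}

$Findings = New-Object System.Collections.Generic.List[object]

foreach ($key in $RunKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    foreach ($prop in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }   # PowerShell's own PSPath/PSParentPath metadata
        $cmd = [string]$prop.Value
        $exe = Get-ExePathFromCommand -Command $cmd
        $reasons = @()

        if (-not (Test-Path -LiteralPath $exe -PathType Leaf)) {
            $reasons += 'target missing'
        } else {
            if ($UserWritable | Where-Object { $exe -like "$_\*" }) { $reasons += 'user-writable path' }
            $sig = Get-AuthenticodeSignature -LiteralPath $exe
            if ($sig.Status -ne 'Valid') { $reasons += "signature: $($sig.Status)" }
            $sha = (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash
            if ($sha -ieq $SampleSha256) { $reasons += 'SHA256 matches sample' }
        }

        if ($reasons.Count -gt 0) {
            $Findings.Add([pscustomobject]@{
                Source  = $key
                Name    = $prop.Name
                Command = $cmd
                Reasons = $reasons -join '; '
            })
        }
    }
}

# Live check against the extracted C2: TCP sessions to 217.196.96.101:4132 and
# the owning process. Get-NetTCPConnection errors when nothing matches, hence
# SilentlyContinue.
$c2Conns = Get-NetTCPConnection -RemoteAddress $C2Address -RemotePort $C2Port -ErrorAction SilentlyContinue
foreach ($conn in $c2Conns) {
    $proc     = Get-Process -Id $conn.OwningProcess -ErrorAction SilentlyContinue
    $procName = if ($proc) { $proc.ProcessName } else { "PID $($conn.OwningProcess)" }
    $procPath = if ($proc) { $proc.Path } else { '' }
    $Findings.Add([pscustomobject]@{
        Source  = 'TCP table'
        Name    = $procName
        Command = $procPath
        Reasons = "$($conn.State) connection to C2 ${C2Address}:$C2Port"
    })
}

if ($Findings.Count -eq 0) { 'No Run-key or C2 indicators found.' }
else { $Findings | Format-Table -AutoSize -Wrap }
```

Run it elevated; HKCU covers only the current user's hive, so on a shared host load the other profiles' NTUSER.DAT under HKU or check each user's session. The C2 check only sees connections alive at the moment it runs; for historical beaconing, query Sysmon Event ID 3 or firewall logs for the same address and port.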

MITRE ATT&CK Enterprise v15

Tasks