General

  • Target

    dd7bf15c0f31c77719f5c20dea788f11fd59f8dc61f5f2d4db0fba713244d132

  • Size

    479KB

  • Sample

    241109-zvne3s1nft

  • MD5

    146c75acda449b7c4a36589ffef0cd25

  • SHA1

    dfdec176539f3a8384473ad8dd4903ef7681666a

  • SHA256

    dd7bf15c0f31c77719f5c20dea788f11fd59f8dc61f5f2d4db0fba713244d132

  • SHA512

    76197497a5b2e30f0910c2a614e360cab2c245d52c99558973466b2ae759578f61edbd892cfd2848a31421fa951b3f11203140da12868da74ae1fbcd55fca717

  • SSDEEP

    6144:KCy+bnr+cp0yN90QEfFf3jOlGL7TYF9jhVhC4yzP/aiFIuFOuHRVTvuvnlgOT+8V:uMr0y90xFfa0L/Yzjhn3UDIQTTWtyA

Malware Config

Extracted

Family

redline

Botnet

dippo

C2

217.196.96.102:4132

Attributes

  • auth_value

    79490ff628fd6af3b29170c3c163874b

Targets

    • Target

      dd7bf15c0f31c77719f5c20dea788f11fd59f8dc61f5f2d4db0fba713244d132

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks