General

  • Target: 51ac97760aa7a447d5f6db6cfd2bef9bde55e1ca8d5fa7df6347adbf85d4a08e
  • Size: 480KB
  • Sample: 241110-11xflswekp
  • MD5: 300f5b61bb47be630a24da0e37e59150
  • SHA1: 29fca7c84c913649e47b093951df086da9e95956
  • SHA256: 51ac97760aa7a447d5f6db6cfd2bef9bde55e1ca8d5fa7df6347adbf85d4a08e
  • SHA512: 35ae6919814a8a530fc083572d0c6f67ae81382b39ccab9abc9eb62e6c9756fa5b09ccf74290e99c01c48ca64885021f8c4a37fad4dd2dd79dd62f08bc7fe803
  • SSDEEP: 12288:VMriy90f+/KTWHwB8ok3jv6KoDY1YgG9pLOU7s/:nysGTN3z6KoDY1YggOSU

Malware Config

Extracted

  • Family: redline
  • Botnet: daris
  • C2: 217.196.96.56:4138
  • Attributes
    • auth_value: 3491f24ae0250969cd45ce4b3fe77549

Targets

    • RedLine
      RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Redline family
    • Executes dropped EXE
    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks