General

  • Target

    22d17154f0d055f098ff7c39aed98d01c3e7b0e587923f125e0c2e10fe0e6d2d

  • Size

    480KB

  • Sample

    241110-3z1gzsybkc

  • MD5

    7542c09fa0bce200dd526598b2500b82

  • SHA1

    92a0239d1831a70700e3c08ba851d00dd9495a74

  • SHA256

    22d17154f0d055f098ff7c39aed98d01c3e7b0e587923f125e0c2e10fe0e6d2d

  • SHA512

    f8293194d10df2d8c1f70bec10fb90a07bfdea0a1f7bf6c99e502aa4fafbf8fe35f3cd57e978252683e191368d528bcb10b2f9a289b215bbaf578d66e92725fd

  • SSDEEP

    12288:GMrQy90iCzpf5QDyOCvGaq9zcfMIDzcUYSgG3tPv:Sy/KHGz9zsDio

Malware Config

Extracted

Family

redline

Botnet

daris

C2

217.196.96.56:4138

Attributes

  • auth_value

    3491f24ae0250969cd45ce4b3fe77549

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application
