General

  • Target

    e9cc8a9d182675df9ef1a9ce468dd4d062f9a07beae6559d64667af0f864470f

  • Size

    587KB

  • Sample

    241110-bffvpaypcj

  • MD5

    251763171adad5d74a0809731503d4a4

  • SHA1

    8fa8156a27fdaf622cfc9d8edc7bbc7691a4f38d

  • SHA256

    e9cc8a9d182675df9ef1a9ce468dd4d062f9a07beae6559d64667af0f864470f

  • SHA512

    19a8cf3d2d801f30060babeb53da84b609011e8c1e35dd68c6966638a9d83037a733eeaa2111ada6ea35d895ef26a50546376ce621daf57fb24790e8c434b350

  • SSDEEP

    12288:rMrvy90E+DbWHcqccvMzcsRM+ojKa6ZVIi0K:My26Hcq/vMAh+oea6ZVIi0K

Malware Config

Extracted

  • Family

    redline

  • Botnet

    daris

  • C2

    217.196.96.56:4138

  • Attributes

    auth_value: 3491f24ae0250969cd45ce4b3fe77549

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks