General

  • Target

    29657fee94ce91b10dfd3b24186f9ea51172dc32b1a687f344a984a108257a48

  • Size

    643KB

  • Sample

    241110-bkdk5avqes

  • MD5

    94a406360fd8a4c7e86c2339205855ba

  • SHA1

    cd9b546e8b177e0c98d794ac561ed0c01caf312b

  • SHA256

    29657fee94ce91b10dfd3b24186f9ea51172dc32b1a687f344a984a108257a48

  • SHA512

    ed68a2c60917cb49c2400e409bf1666ddf866631c6c3c184a34d65a25452191add579dd5b12b3f2397f1164473480ccfe95f6bdccb05701427cde98c68f62e49

  • SSDEEP

    12288:lMrqy90l8/cFfrs1uWLdcRphuavCKHXVr7r4ukpxhNi+:jytsox+PvCKHXVr7fkpxzn

Malware Config

Extracted

Family

redline

Botnet

darm

C2

217.196.96.56:4138

Attributes
  • auth_value

    d88ac8ccc04ab9979b04b46313db1648

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks