General

  • Target

    dbc3fcb4ced5239d544b92154d6e2a2a602efdce79e38ac17e97af1d78105f04

  • Size

    480KB

  • Sample

    241110-brt7fsweqp

  • MD5

    13ee56593cc3c024c729c7568fbde0e1

  • SHA1

    3107b853c16e850abc1205e24bdf37f83cd3a613

  • SHA256

    dbc3fcb4ced5239d544b92154d6e2a2a602efdce79e38ac17e97af1d78105f04

  • SHA512

    f03614da36d8321230f7a0ec30fca517845b24d5dbc007ed3f99dc680b10ba1ca197760c578b66061fbdab29199875599de26cf4ccb8d813559a7f473a5d08a3

  • SSDEEP

    12288:GMruy90zKTHgphPxmmyZLQU22moUSU5lSrRP:MyWKammyZLQU22DUSU5lSrRP

Malware Config

Extracted

Family

redline

Botnet

daris

C2

217.196.96.56:4138

Attributes

  • auth_value

    3491f24ae0250969cd45ce4b3fe77549

Targets

    • Target

      dbc3fcb4ced5239d544b92154d6e2a2a602efdce79e38ac17e97af1d78105f04

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15