General

  • Target

    9cc007f8bd802a9a66f523279781657f5933e2f1bfe79687eaa89ff31617a372

  • Size

    479KB

  • Sample

    241110-brwqaayrbj

  • MD5

    6389e11dc4e94b240b147d05f68c0cd0

  • SHA1

    f62d845c4e6c837ca75c6c9cac70f1412c739566

  • SHA256

    9cc007f8bd802a9a66f523279781657f5933e2f1bfe79687eaa89ff31617a372

  • SHA512

    a1236529e523bbc75ba8bb25234ece88b4907dd59db0a265c7e281402cc52f8489ecf8c1907911abec1912b6b90689dc723a0b26a4143caf8e200fe4cc11ed9c

  • SSDEEP

    12288:NMrEy90T5SNYKv4wbroGt4vWXzoa9qjTf7G+n65ppGSnJB:VyBFHoTvqzH9qjxCpG0JB

Malware Config

Extracted

Family

redline

Botnet

diwer

C2

217.196.96.101:4132

Attributes

  • auth_value

    42abfa9e4f2e290c8bdbc776fd9bb6ad

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application
