General

  • Target

    63c786eea71b505a7d2888fde3222f8be0cfcbfa7526ace4158286e745895329

  • Size

    728KB

  • Sample

    241110-h8y1assfjf

  • MD5

    e952f2c777a812471d20d906f989efec

  • SHA1

    dfc304d8ff8b7539306562b6e628cce724e07ecc

  • SHA256

    63c786eea71b505a7d2888fde3222f8be0cfcbfa7526ace4158286e745895329

  • SHA512

    f0cb0fa5a43862dedb015b4661415bab966783e28de949a49aab74b04936ba58abde1a76db2984329360faf4260d3fc99dc8fd4386ddf490adb604c746c7f04e

  • SSDEEP

    12288:aMrDy90kHaZ5jEb6H+1x0YZ+ZNu/5yH6yPebfczlAVFbGVRzUv8UJeoJ:xypipPHcGDm4kz/bGCbL

Malware Config

Extracted

  • Family

    redline

  • Botnet

    dars

  • C2

    83.97.73.127:19045

  • Attributes

    auth_value: 7cd208e6b6c927262304d5d4d88647fd

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application