General

  • Target

    1cc37160aa109e45fd575d8a026cd8a8c89964682f65a420b5da7fd61f7827f1

  • Size

    751KB

  • Sample

    241110-s9j8mszdlp

  • MD5

    ce6012945dc46bec337fbd0f07d65768

  • SHA1

    989f02fe9f6766d209df661ef0c9b794b45f4c45

  • SHA256

    1cc37160aa109e45fd575d8a026cd8a8c89964682f65a420b5da7fd61f7827f1

  • SHA512

    effb62a16e589be4bf66d59fa93730f23366d8ee97abb9266dcf273f5a5cbf8a87010c44ef5aaf064e0bb2ca8c0812cdf4d76a98cb4256ce078a84ac73d546d9

  • SSDEEP

    12288:/MrLy908I0eJoX29IBEEXAJgaFeRzxHtjZxBPsZzkkzhcCAtrryqdadFPP+ksqMl:4yC+TB029R98zhTUrr2Hnvssm

Malware Config

Extracted

  • Family

    redline

  • Botnet

    dars

  • C2

    83.97.73.127:19045

  • Attributes

    auth_value: 7cd208e6b6c927262304d5d4d88647fd

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application