General

  • Target: edba8edd7df10f34a3e443c175baff5b518a6d740c965bd24ea4f6670a424748
  • Size: 479KB
  • Sample: 241110-w5wbwsscrl
  • MD5: dbc61fbcd99957a453ea6e93b43fab13
  • SHA1: f8f8e31fe8980f8a84b1ab324a6d85c6225e7e92
  • SHA256: edba8edd7df10f34a3e443c175baff5b518a6d740c965bd24ea4f6670a424748
  • SHA512: 0ad6c4180aaec8e51a76ee6af02bcdf9e2c3c9240759be2d3cadde6285f89de3e21ef41feb9a6cf2025e3892042a2a4fe3950fab91b943799352c78f04f4bf17
  • SSDEEP: 12288:rMrwy90P+jSvsMTHTIPoynXWwvCauaHcWzx+TeX/:3yU+jSvp0PoyX3vZualMTo/

Malware Config

Extracted

  • Family: redline
  • Botnet: daris
  • C2: 217.196.96.56:4138
  • Attributes
    • auth_value: 3491f24ae0250969cd45ce4b3fe77549

Targets

  • Target: edba8edd7df10f34a3e443c175baff5b518a6d740c965bd24ea4f6670a424748
  • Size: 479KB
  • MD5: dbc61fbcd99957a453ea6e93b43fab13
  • SHA1: f8f8e31fe8980f8a84b1ab324a6d85c6225e7e92
  • SHA256: edba8edd7df10f34a3e443c175baff5b518a6d740c965bd24ea4f6670a424748
  • SHA512: 0ad6c4180aaec8e51a76ee6af02bcdf9e2c3c9240759be2d3cadde6285f89de3e21ef41feb9a6cf2025e3892042a2a4fe3950fab91b943799352c78f04f4bf17
  • SSDEEP: 12288:rMrwy90P+jSvsMTHTIPoynXWwvCauaHcWzx+TeX/:3yU+jSvp0PoyX3vZualMTo/

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine payload
  • Redline family
  • Executes dropped EXE
  • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks