General

  • Target

    21b3a4b7cd16df03f30e872abfa792e6982f1ca52c6d0ca1bf26013575f67a2c

  • Size

    567KB

  • Sample

    241110-wzlkhaseph

  • MD5

    05d3593ea63355fd3c7a0c5c2b4d6ad3

  • SHA1

    b7238c2edc47179002ca88f118cdb59e5fdb008f

  • SHA256

    21b3a4b7cd16df03f30e872abfa792e6982f1ca52c6d0ca1bf26013575f67a2c

  • SHA512

    0cbab544b852d4f7f1721441223d7262527f0796f91b69cbbcf125c72514b2b2ec1be0f4d45cb42047bde7f3f6715479157be907d232568aa21cbb22d5827a1e

  • SSDEEP

    12288:7Mrfy90cJCWZh0Kh33TwOZono5/rVH2PYO:Ay5Nw/o5/hWPYO

Malware Config

Extracted

Family

redline

Botnet

daris

C2

217.196.96.56:4138

Attributes

  • auth_value

    3491f24ae0250969cd45ce4b3fe77549

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks