General

  • Target

    59db45b2ff61da49edaefdb0a80f7b79d06b8f38c5bfa84798106fc619579252

  • Size

    603KB

  • Sample

    241110-xahyrasdnr

  • MD5

    bb826f2ea965655f3932c1048045cc42

  • SHA1

    45346dba76628f828919f62cbcddfc8bdeb4d92f

  • SHA256

    59db45b2ff61da49edaefdb0a80f7b79d06b8f38c5bfa84798106fc619579252

  • SHA512

    49326a9e8ffa9a3ad18cc3bfca17f6f8913346869b301eab1e2964bed868e4d5e647128fcb5dfb9607a300df7e6457aaafe81f14c555d7bf951ff0331fab8182

  • SSDEEP

    12288:2Mr8y90UNUybSawGoTwYskqxEwBEgMLu5uJFbEruK69BEEta1LSc0rn1:Gy9UyWawGoEBnLBEfLuQo6zBBxbh

Malware Config

Extracted

  • Family

    redline

  • Botnet

    daris

  • C2

    217.196.96.56:4138

  • Attributes

    • auth_value

      3491f24ae0250969cd45ce4b3fe77549

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks