General

  • Target

    4ff4b70620bd2551140295c2318d1f9203e10a091ed3c89c3fac8a0064879452

  • Size

    479KB

  • Sample

    241110-xxdybawnem

  • MD5

    6c9d28bcc4f068e4fc540b57d5ead84d

  • SHA1

    057ba8c2812d04e556b7c616b7ebbee58473b4fb

  • SHA256

    4ff4b70620bd2551140295c2318d1f9203e10a091ed3c89c3fac8a0064879452

  • SHA512

    1f57c7033d95d2ff410f486388384caf16795bfd9bc7113096a923ae7cd06a49a6ca45121cb463d83efa2eef307db1cb941f3ec54ff8bcb3afcaa1c3d541b6b9

  • SSDEEP

    12288:7MrIy90ACHaPwSGG3U1ekPR6qvJchMcC9D:ryoEyNPIqvMCB

Malware Config

Extracted

  • Family

    redline

  • Botnet

    daris

  • C2

    217.196.96.56:4138

  • Attributes

    auth_value: 3491f24ae0250969cd45ce4b3fe77549

Targets

    • Target

      4ff4b70620bd2551140295c2318d1f9203e10a091ed3c89c3fac8a0064879452

    • Size

      479KB

    • MD5

      6c9d28bcc4f068e4fc540b57d5ead84d

    • SHA1

      057ba8c2812d04e556b7c616b7ebbee58473b4fb

    • SHA256

      4ff4b70620bd2551140295c2318d1f9203e10a091ed3c89c3fac8a0064879452

    • SHA512

      1f57c7033d95d2ff410f486388384caf16795bfd9bc7113096a923ae7cd06a49a6ca45121cb463d83efa2eef307db1cb941f3ec54ff8bcb3afcaa1c3d541b6b9

    • SSDEEP

      12288:7MrIy90ACHaPwSGG3U1ekPR6qvJchMcC9D:ryoEyNPIqvMCB

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks