General

  • Target

    e88a3a91bbb07bb7ad81e066fca86e02d0124efb934cc5bff72efe385b121500

  • Size

    480KB

  • Sample

    241110-ya5ceswqfq

  • MD5

    db4cbe12ddfc899a01a5c9d3f1206e51

  • SHA1

    0f5d6956d1912f0297b80518ce01a6d49fba8b34

  • SHA256

    e88a3a91bbb07bb7ad81e066fca86e02d0124efb934cc5bff72efe385b121500

  • SHA512

    9fcff2127a533d360d1fb38d79d01316fede74826a8a6f60fb4bdd5d5df7114fbb3fd2f2b59fb643a7dc7f527d2031e47ee523c04a6cfeb122b33c0a4160d9fe

  • SSDEEP

    12288:iMrOy90aGNCbrNSZBKwiiWPIbDqjJ3MUZB:oybf4ZKi0Ib+99ZB

Malware Config

Extracted

Family

redline

Botnet

daris

C2

217.196.96.56:4138

Attributes
  • auth_value

    3491f24ae0250969cd45ce4b3fe77549

Targets

    • Target

      e88a3a91bbb07bb7ad81e066fca86e02d0124efb934cc5bff72efe385b121500

    • Size

      480KB

    • MD5

      db4cbe12ddfc899a01a5c9d3f1206e51

    • SHA1

      0f5d6956d1912f0297b80518ce01a6d49fba8b34

    • SHA256

      e88a3a91bbb07bb7ad81e066fca86e02d0124efb934cc5bff72efe385b121500

    • SHA512

      9fcff2127a533d360d1fb38d79d01316fede74826a8a6f60fb4bdd5d5df7114fbb3fd2f2b59fb643a7dc7f527d2031e47ee523c04a6cfeb122b33c0a4160d9fe

    • SSDEEP

      12288:iMrOy90aGNCbrNSZBKwiiWPIbDqjJ3MUZB:oybf4ZKi0Ib+99ZB

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks