General

  • Target

    06fab2f31b43b69689af57d0b84472062d127c7e96140deb49b842c3c3d27525

  • Size

    480KB

  • Sample

    241110-ym4awsxjgr

  • MD5

    2b3b33d120d901a322d81a271ae0fc4f

  • SHA1

    b034436c440256fbbbc9ec3792c54e8111b3c6da

  • SHA256

    06fab2f31b43b69689af57d0b84472062d127c7e96140deb49b842c3c3d27525

  • SHA512

    7d19632ac4c66f53c70963dbb119ce8e5d8e3d22cfe0714f622d9151ac799b70cf2987dcf95d0945e97a31ea9b4dffa8cf541924ed406fc9c2fb0441810787a5

  • SSDEEP

    12288:IMrgy90LbjdfPHWLozrH6pB6/QmxteN2+nr0oyQAKX:Yy+j9HWczrHAmQWW2+nuQt

Malware Config

Extracted

Family

redline

Botnet

daris

C2

217.196.96.56:4138

Attributes
  • auth_value

    3491f24ae0250969cd45ce4b3fe77549

Targets

    • Target

      06fab2f31b43b69689af57d0b84472062d127c7e96140deb49b842c3c3d27525

    • Size

      480KB

    • MD5

      2b3b33d120d901a322d81a271ae0fc4f

    • SHA1

      b034436c440256fbbbc9ec3792c54e8111b3c6da

    • SHA256

      06fab2f31b43b69689af57d0b84472062d127c7e96140deb49b842c3c3d27525

    • SHA512

      7d19632ac4c66f53c70963dbb119ce8e5d8e3d22cfe0714f622d9151ac799b70cf2987dcf95d0945e97a31ea9b4dffa8cf541924ed406fc9c2fb0441810787a5

    • SSDEEP

      12288:IMrgy90LbjdfPHWLozrH6pB6/QmxteN2+nr0oyQAKX:Yy+j9HWczrHAmQWW2+nuQt

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks