General

  • Target

    17c5e841e61fb3144d50a1716b0f0caa6f315ca485c5226b03d6d67c768a5e17

  • Size

    480KB

  • Sample

    241110-yskezatfmn

  • MD5

    d89213875aa8d0ffdca4d6590997d900

  • SHA1

    b328b547981b61a0101626b1948878c830154a56

  • SHA256

    17c5e841e61fb3144d50a1716b0f0caa6f315ca485c5226b03d6d67c768a5e17

  • SHA512

    79493e8e25b430997cf812019d5a767a279c651d65f31e810205b27ccf579c801b52d069b9be8e4f6646f768b1a85206352b9e7043e4482e98c8ed8ea8209af3

  • SSDEEP

    12288:1MrKy90zAywxv1jdBuxqCv0uXnoPGktJ:/yRBJBCqO0uGGA

Malware Config

Extracted

Family

redline

Botnet

daris

C2

217.196.96.56:4138

Attributes
  • auth_value

    3491f24ae0250969cd45ce4b3fe77549

Targets

    • Target

      17c5e841e61fb3144d50a1716b0f0caa6f315ca485c5226b03d6d67c768a5e17

    • Size

      480KB

    • MD5

      d89213875aa8d0ffdca4d6590997d900

    • SHA1

      b328b547981b61a0101626b1948878c830154a56

    • SHA256

      17c5e841e61fb3144d50a1716b0f0caa6f315ca485c5226b03d6d67c768a5e17

    • SHA512

      79493e8e25b430997cf812019d5a767a279c651d65f31e810205b27ccf579c801b52d069b9be8e4f6646f768b1a85206352b9e7043e4482e98c8ed8ea8209af3

    • SSDEEP

      12288:1MrKy90zAywxv1jdBuxqCv0uXnoPGktJ:/yRBJBCqO0uGGA

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks