General

  • Target: 060a6054233da73e091831f98c9d84919b9a068461e99d5ca1a174bc7ef2e29c
  • Size: 711KB
  • Sample: 241110-zd3hnstphv
  • MD5: 2d86f2d00583c566035874041a6c9640
  • SHA1: abd70ac2214b641080775adfed151d3c140f086e
  • SHA256: 060a6054233da73e091831f98c9d84919b9a068461e99d5ca1a174bc7ef2e29c
  • SHA512: 1fd8cdaae47e9868a578903893238c9365c81270b382f8af89d3a7d3f1fcdfbef1137a4ddfc65c5808765ea3f2933a8c69864af2d3673d147210d675262276ee
  • SSDEEP: 12288:yMr/y90fyO9snI4IrrL6vMAMHvFDr9bLYZuKZt73uz3AMgPc/QhuX5I0J:1y+h9d43nyvWkKn7+jAPPyQ4XFJ

Malware Config

Extracted

  • Family: redline
  • Botnet: daris
  • C2: 217.196.96.56:4138
  • Attributes
    • auth_value: 3491f24ae0250969cd45ce4b3fe77549

Targets

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Redline family
    • Executes dropped EXE
    • Adds Run key to start application

MITRE ATT&CK Enterprise v15