General

  • Target

    3633d187c10c7f69511f5f4663814749fe3f3996297de176bf5762a25cb3d647.exe

  • Size

    480KB

  • Sample

    241110-zrcjeavgmh

  • MD5

    08b238c23f6b4888ec66171a5ab016a5

  • SHA1

    0e15d152a47849560f081c8d60719c6f996b043d

  • SHA256

    3633d187c10c7f69511f5f4663814749fe3f3996297de176bf5762a25cb3d647

  • SHA512

    a823c25cf08ace58a36024518af9980c99f419950000dba0d5b3b00234aaa50f0b56542a68d7650d38ee17059253da38290d0c65f301ba2f6841988a7baca3a5

  • SSDEEP

    12288:IMrgy90LbjdfPHWLozrH6pB6/QmxteN2+nr0oyQAKXZ:Yy+j9HWczrHAmQWW2+nuQtZ

Malware Config

Extracted

Family

redline

Botnet

daris

C2

217.196.96.56:4138

Attributes
  • auth_value

    3491f24ae0250969cd45ce4b3fe77549

Targets

    • Target

      3633d187c10c7f69511f5f4663814749fe3f3996297de176bf5762a25cb3d647.exe

    • Size

      480KB

    • MD5

      08b238c23f6b4888ec66171a5ab016a5

    • SHA1

      0e15d152a47849560f081c8d60719c6f996b043d

    • SHA256

      3633d187c10c7f69511f5f4663814749fe3f3996297de176bf5762a25cb3d647

    • SHA512

      a823c25cf08ace58a36024518af9980c99f419950000dba0d5b3b00234aaa50f0b56542a68d7650d38ee17059253da38290d0c65f301ba2f6841988a7baca3a5

    • SSDEEP

      12288:IMrgy90LbjdfPHWLozrH6pB6/QmxteN2+nr0oyQAKXZ:Yy+j9HWczrHAmQWW2+nuQtZ

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks