General

  • Target

    17a5734a70d122f212f6c30cf6d1b0a0f7bf250b56a0228e719acd91dcf27549

  • Size

    731KB

  • Sample

    241110-ztdt9avjgz

  • MD5

    c086b02da96c711cbabfe821bffa640d

  • SHA1

    ef2cef7954f06fe74909478c2306d696dc40b801

  • SHA256

    17a5734a70d122f212f6c30cf6d1b0a0f7bf250b56a0228e719acd91dcf27549

  • SHA512

    56626fa1ea7965742b61dca9ef9b5e6d8bea03d4fa98619efb04abb686cb04f49b59a6cf4dfc4899a73a3fe52d2a0526cde459ffd6a2700ef888a37c2386e925

  • SSDEEP

    12288:hMrky90psL61Xo1QgDNn0V0YG1ugrtQ9oQrmliE06ffdx2tSZk9/Fh8R6+mK4b0q:NyyyRGrynJWoQr4iEFPTI40n06

Malware Config

Extracted

Family

redline

Botnet

dars

C2

83.97.73.127:19045

Attributes
  • auth_value

    7cd208e6b6c927262304d5d4d88647fd

Targets

    • Target

      17a5734a70d122f212f6c30cf6d1b0a0f7bf250b56a0228e719acd91dcf27549

    • Size

      731KB

    • MD5

      c086b02da96c711cbabfe821bffa640d

    • SHA1

      ef2cef7954f06fe74909478c2306d696dc40b801

    • SHA256

      17a5734a70d122f212f6c30cf6d1b0a0f7bf250b56a0228e719acd91dcf27549

    • SHA512

      56626fa1ea7965742b61dca9ef9b5e6d8bea03d4fa98619efb04abb686cb04f49b59a6cf4dfc4899a73a3fe52d2a0526cde459ffd6a2700ef888a37c2386e925

    • SSDEEP

      12288:hMrky90psL61Xo1QgDNn0V0YG1ugrtQ9oQrmliE06ffdx2tSZk9/Fh8R6+mK4b0q:NyyyRGrynJWoQr4iEFPTI40n06

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application
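The indicators above (file hashes, C2 endpoint, Run-key persistence) are only useful once they are turned into a check. The following is an added example, not part of the sandbox report or of RedLine itself: it copies the report's hashes and C2 into a small matcher, hashes a stream once for all four digests, and runs the behaviours over constructed Sysmon-style events (EventID 1 process creation, 13 registry value set, 3 network connection). The file paths, the SID fragment and the benign DNS connection in the sample events are invented for the demo; SSDEEP is left out because comparing it needs the ssdeep library rather than hashlib.

```python
"""Added example: match this report's RedLine indicators against Sysmon-style telemetry."""
import hashlib
import io

# Indicators copied verbatim from the report above.
IOC_HASHES = {
    "md5": "c086b02da96c711cbabfe821bffa640d",
    "sha1": "ef2cef7954f06fe74909478c2306d696dc40b801",
    "sha256": "17a5734a70d122f212f6c30cf6d1b0a0f7bf250b56a0228e719acd91dcf27549",
    "sha512": "56626fa1ea7965742b61dca9ef9b5e6d8bea03d4fa98619efb04abb686cb04f4"
              "9b59a6cf4dfc4899a73a3fe52d2a0526cde459ffd6a2700ef888a37c2386e925",
}
C2_HOST = "83.97.73.127"
C2_PORT = 19045

# Registry path fragments (compared case-insensitively) behind
# "Adds Run key to start application". Per-user and per-machine hives both end this way.
RUN_KEY_MARKERS = (
    "\\software\\microsoft\\windows\\currentversion\\run\\",
    "\\software\\microsoft\\windows\\currentversion\\runonce\\",
)


def digests(stream, chunk_size=1 << 20):
    """Read a binary stream once and compute every hash the report lists."""
    hashers = {name: hashlib.new(name) for name in IOC_HASHES}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digests_of_bytes(data):
    """Convenience wrapper so in-memory buffers go through the same one-pass hasher."""
    return digests(io.BytesIO(data))


def hash_hits(found):
    """Names of the algorithms for which `found` equals the report's indicator."""
    return sorted(name for name, value in found.items()
                  if IOC_HASHES.get(name) == value.lower())


def parse_sysmon_hashes(field):
    """Sysmon's Hashes field looks like 'MD5=...,SHA256=...'; normalise to lower-case."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            name, value = part.split("=", 1)
            out[name.strip().lower()] = value.strip().lower()
    return out


def check_event(event):
    """Map one Sysmon-style event to the report behaviours it matches."""
    hits = []
    eid = event.get("EventID")
    if eid == 1 and hash_hits(parse_sysmon_hashes(event.get("Hashes", ""))):
        hits.append("known RedLine sample hash")
    if eid == 13:
        target = event.get("TargetObject", "").lower()
        if any(marker in target for marker in RUN_KEY_MARKERS):
            hits.append("Run key persistence")
    if (eid == 3 and event.get("DestinationIp") == C2_HOST
            and int(event.get("DestinationPort", 0)) == C2_PORT):
        hits.append(f"RedLine C2 {C2_HOST}:{C2_PORT}")
    return hits


def scan(events):
    """Return (index, EventID, reasons) for every event that matched at least one indicator."""
    results = []
    for i, ev in enumerate(events):
        reasons = check_event(ev)
        if reasons:
            results.append((i, ev.get("EventID"), reasons))
    return results


# Constructed telemetry for the demo: paths, SID fragment and the DNS connection are invented.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": "C:\\Users\\victim\\AppData\\Local\\Temp\\setup.exe",
     "Hashes": "MD5=C086B02DA96C711CBABFE821BFFA640D,"
               "SHA256=17A5734A70D122F212F6C30CF6D1B0A0F7BF250B56A0228E719ACD91DCF27549"},
    {"EventID": 13, "TargetObject": "HKU\\S-1-5-21-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\setup",
     "Details": "C:\\Users\\victim\\AppData\\Local\\Temp\\setup.exe"},
    {"EventID": 3, "DestinationIp": "83.97.73.127", "DestinationPort": 19045},
    {"EventID": 3, "DestinationIp": "8.8.8.8", "DestinationPort": 53},
]

if __name__ == "__main__":
    for index, eid, reasons in scan(SAMPLE_EVENTS):
        print(f"event {index} (ID {eid}): {', '.join(reasons)}")
    # An empty buffer hashes cleanly but matches none of the report's digests.
    print(hash_hits(digests_of_bytes(b"")))
```

Hash matching on Sysmon Event 1 only sees the process image, so a dropped payload that is never executed shows up only when you hash files on disk with `digests`; the Run-key and C2 checks catch the two behaviours the report lists regardless of which file name the sample lands under.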

MITRE ATT&CK Enterprise v15

Tasks