General

  • Target

    11ce308e3f8add99615b6894b35d19fdf38068074f758d3373e8ccd93ddb406c

  • Size

    480KB

  • Sample

    241110-zyyefsykep

  • MD5

    efa950a9ae0a8a6c01d2345ba4581c9c

  • SHA1

    4f69124949bc8e522d86499d91300684d552e496

  • SHA256

    11ce308e3f8add99615b6894b35d19fdf38068074f758d3373e8ccd93ddb406c

  • SHA512

    ecd5140c9d80e1fbd330a77a1704777a4eb9486cd59ebd6ddce238f3e7319c9ec6c2602055b985c5968286231413a16800bc617cfaafc57fee9dff9056dc565c

  • SSDEEP

    12288:3Mr6y904N4yXWHKJ/A7NCPCCwT8/2e4yay:5ybNfmHK6NCaCwTm34Vy

Malware Config

Extracted

Family

redline

Botnet

daris

C2

217.196.96.56:4138

Attributes
  • auth_value

    3491f24ae0250969cd45ce4b3fe77549

Targets

    • Target

      11ce308e3f8add99615b6894b35d19fdf38068074f758d3373e8ccd93ddb406c

    • Size

      480KB

    • MD5

      efa950a9ae0a8a6c01d2345ba4581c9c

    • SHA1

      4f69124949bc8e522d86499d91300684d552e496

    • SHA256

      11ce308e3f8add99615b6894b35d19fdf38068074f758d3373e8ccd93ddb406c

    • SHA512

      ecd5140c9d80e1fbd330a77a1704777a4eb9486cd59ebd6ddce238f3e7319c9ec6c2602055b985c5968286231413a16800bc617cfaafc57fee9dff9056dc565c

    • SSDEEP

      12288:3Mr6y904N4yXWHKJ/A7NCPCCwT8/2e4yay:5ybNfmHK6NCaCwTm34Vy

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks