General

  • Target: afd3177ea74d77bc9e1e79ce3529cdeca6ba66f1b8dec66a97c244553227d112
  • Size: 567KB
  • Sample: 241111-a2df1sydjm
  • MD5: a219e8927dd27399aa65963e192bef81
  • SHA1: c7b344cc04425c2424197b36e1cdbd7ebc6369b0
  • SHA256: afd3177ea74d77bc9e1e79ce3529cdeca6ba66f1b8dec66a97c244553227d112
  • SHA512: e464d09d8361cad2d5645b5aad449f2b80b6ae233e4f3d4767997b915b021b9442d5a2cfdae5ab1d08acf66e786463e19d62dbd389ba2e89d0e413372510dd42
  • SSDEEP: 12288:kMrBy90V3GaBXC/r3HiHbiCWgefQQ6sk+xXEG7VvJI:lyUN0r3HkbHefB6sMGVO

Malware Config

Extracted

  • Family: redline
  • Botnet: daris
  • C2: 217.196.96.56:4138
  • Attributes
    • auth_value: 3491f24ae0250969cd45ce4b3fe77549

Targets

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Redline family
    • Executes dropped EXE
    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks