General

  • Target

    8635577fc10ef0a1dce4c612633696fb0c610f26880f2f97e5da699eb09d514d

  • Size

    479KB

  • Sample

    241111-ajdztsycrc

  • MD5

    6a143568ab898bb8be61708bc7591ee0

  • SHA1

    e84214b8905cb4945b100bb2f9eb5da7a74bc2ce

  • SHA256

    8635577fc10ef0a1dce4c612633696fb0c610f26880f2f97e5da699eb09d514d

  • SHA512

    4baa9978122dde069360b7b20bc58d0826cd64ed354c812e58236d9ce741655867187eef53c9120b8da6679f3e300122887dba225d568f38e45c7e0fa7f63e1a

  • SSDEEP

    6144:K7y+bnr+Vp0yN90QEq4ZPNszet8aZtHrj2AoEPPDQz8n8Os/X0TJ3A/ZggzCKCG9:pMrRy90g0sMPPPDAh23A/ugRCGOM

Malware Config

Extracted

Family

redline

Botnet

daris

C2

217.196.96.56:4138

Attributes

  • auth_value

    3491f24ae0250969cd45ce4b3fe77549

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application
