General

  • Target

    ff05c1d5bdb131285b994709778f6044f20a95a840a1686de06b1f8f169ff537

  • Size

    566KB

  • Sample

    241111-avvrqayfjc

  • MD5

    4a2b686b7c0ed54f2576912a2abe0d3f

  • SHA1

    e7cfdb2c9f3a9a165dd45664cf8566b9d4c35b33

  • SHA256

    ff05c1d5bdb131285b994709778f6044f20a95a840a1686de06b1f8f169ff537

  • SHA512

    0566a223106f99e3aa4e17036b12b67c4ac975b0daf559dafabe1d0bd8ac31fee9dd5c19ebbbde5bfb11c892c8072f0aa53810eb2d3b93a948311c049be13e3e

  • SSDEEP

    12288:qMrBy90ufZ+ClYmtVqQNsrRTC0qGTdxpxhNGSdEg:LyF/lYmzxsrRTtqGhxpxzG0

Malware Config

Extracted

  • Family

    redline

  • Botnet

    darm

  • C2

    217.196.96.56:4138

  • Attributes

    • auth_value

      d88ac8ccc04ab9979b04b46313db1648

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application
