General

  • Target

    50100a111e859bd8a1371e78ddb40fb440f527420b1c40de82793a7e00ad7723

  • Size

    587KB

  • Sample

    241111-bcyw4azamc

  • MD5

    a81cc9e938ed6f0369ca08db243e3a4d

  • SHA1

    e3443c94334caf10c0ea50cf7cc227e94774b4d5

  • SHA256

    50100a111e859bd8a1371e78ddb40fb440f527420b1c40de82793a7e00ad7723

  • SHA512

    9a775976a1a0151be1ddbe04a8295d575e16f1d64e15acba517c9d7378b5c0c8177b9ad8c272f15068e636291904eddeb2ac0614311d71a2c487274a6179d7c6

  • SSDEEP

    12288:3Mroy90Ltv6jYCt4drweRd/Lrp/u6tMBwRbqP6xIHM:3yaDg41wqL1sBw9zKs

Malware Config

Extracted

Family

redline

Botnet

daris

C2

217.196.96.56:4138

Attributes
  • auth_value

    3491f24ae0250969cd45ce4b3fe77549

Targets

    • Target

      50100a111e859bd8a1371e78ddb40fb440f527420b1c40de82793a7e00ad7723

    • Size

      587KB

    • MD5

      a81cc9e938ed6f0369ca08db243e3a4d

    • SHA1

      e3443c94334caf10c0ea50cf7cc227e94774b4d5

    • SHA256

      50100a111e859bd8a1371e78ddb40fb440f527420b1c40de82793a7e00ad7723

    • SHA512

      9a775976a1a0151be1ddbe04a8295d575e16f1d64e15acba517c9d7378b5c0c8177b9ad8c272f15068e636291904eddeb2ac0614311d71a2c487274a6179d7c6

    • SSDEEP

      12288:3Mroy90Ltv6jYCt4drweRd/Lrp/u6tMBwRbqP6xIHM:3yaDg41wqL1sBw9zKs

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks