General

  • Target

    ff7ea0bc8fa371abc258eb5ee5b240022337e77013f7c4c8534847c4cf88bdd5

  • Size

    480KB

  • Sample

    241111-bmewzazbrc

  • MD5

    47004236a06c43c30bcb12a2589646cc

  • SHA1

    251e473433f3fbe28c83e4e02cd86af947cf6ea2

  • SHA256

    ff7ea0bc8fa371abc258eb5ee5b240022337e77013f7c4c8534847c4cf88bdd5

  • SHA512

    52be21157e0297877d082783780d934d79939a4322595ad31234af4e70ef48980144c51f44dda74197cd78012bb93ed72c39bab22c9c162d39618f67efd9da95

  • SSDEEP

    12288:1MrSy90I9o5wA/H2KwsuwHwYAFN3Aghm2HW:nyl+WKwsSlrA+pW

Malware Config

Extracted

Family

redline

Botnet

daris

C2

217.196.96.56:4138

Attributes
  • auth_value

    3491f24ae0250969cd45ce4b3fe77549

Targets

    • Target

      ff7ea0bc8fa371abc258eb5ee5b240022337e77013f7c4c8534847c4cf88bdd5

    • Size

      480KB

    • MD5

      47004236a06c43c30bcb12a2589646cc

    • SHA1

      251e473433f3fbe28c83e4e02cd86af947cf6ea2

    • SHA256

      ff7ea0bc8fa371abc258eb5ee5b240022337e77013f7c4c8534847c4cf88bdd5

    • SHA512

      52be21157e0297877d082783780d934d79939a4322595ad31234af4e70ef48980144c51f44dda74197cd78012bb93ed72c39bab22c9c162d39618f67efd9da95

    • SSDEEP

      12288:1MrSy90I9o5wA/H2KwsuwHwYAFN3Aghm2HW:nyl+WKwsSlrA+pW

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks