General

  • Target

    8d595c827a49916221d6b77343b86d36d04850ae34459c4a333b421a8f534ae6

  • Size

    567KB

  • Sample

    241111-bsajfazcre

  • MD5

    64b4d1929a43b783b7376d4e01da0015

  • SHA1

    09cb7e9cad00cf3a484e8ae29499557c90d46244

  • SHA256

    8d595c827a49916221d6b77343b86d36d04850ae34459c4a333b421a8f534ae6

  • SHA512

    45db0d7ced9b1a7c3d8b9beff7b50238637a5bbe40b306cf33a2ca593cdb4927a78cada823d4a42e0e9d3a5a502bad4217447409d37206d90371cc9245a3ff43

  • SSDEEP

    12288:vMr9y9091OI6NdomLJMXvgbj00bUYc9TP59WzUc0y1Xf3AfToFrWX:uy+QpAvgXZq9TR9VcBX4

Malware Config

Extracted

Family

redline

Botnet

darm

C2

217.196.96.56:4138

Attributes

  • auth_value

    d88ac8ccc04ab9979b04b46313db1648

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks