General

  • Target

    13b0078e232fe9734d1294f26fb871d12a6a46c1aa7fe035d39c4b7e272dc269

  • Size

    479KB

  • Sample

    241111-d4e96ssdkg

  • MD5

    cf89abb8db99637a5c9771095c12e2be

  • SHA1

    15f85be0eac5a0d40b410baeb20da9efb690604e

  • SHA256

    13b0078e232fe9734d1294f26fb871d12a6a46c1aa7fe035d39c4b7e272dc269

  • SHA512

    154113f3e280803fb7df15a09404d13a1961ad3da291da8b72b72e5d3a5f356df7aef3cc6d104ef303d6e11a1471aa7412e67ece339adfb44d7e56136a14fab7

  • SSDEEP

    6144:Kfy+bnr+Wp0yN90QEQ3Gi/e10QcveClQy7LIgRv9gB3VOG+RcU91ISol4G95kjFw:1Mrey90AQ0Tv5E13VCRcCNolziIrIk

Malware Config

Extracted

Family

redline

Botnet

daris

C2

217.196.96.56:4138

Attributes
  • auth_value

    3491f24ae0250969cd45ce4b3fe77549

Targets

    • Target

      13b0078e232fe9734d1294f26fb871d12a6a46c1aa7fe035d39c4b7e272dc269

    • Size

      479KB

    • MD5

      cf89abb8db99637a5c9771095c12e2be

    • SHA1

      15f85be0eac5a0d40b410baeb20da9efb690604e

    • SHA256

      13b0078e232fe9734d1294f26fb871d12a6a46c1aa7fe035d39c4b7e272dc269

    • SHA512

      154113f3e280803fb7df15a09404d13a1961ad3da291da8b72b72e5d3a5f356df7aef3cc6d104ef303d6e11a1471aa7412e67ece339adfb44d7e56136a14fab7

    • SSDEEP

      6144:Kfy+bnr+Wp0yN90QEQ3Gi/e10QcveClQy7LIgRv9gB3VOG+RcU91ISol4G95kjFw:1Mrey90AQ0Tv5E13VCRcCNolziIrIk

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks