General

  • Target: 0c903acd8212b0e7d09f9a8c6a7ce909377951efb05ddd325ada1f374b06d30d
  • Size: 566KB
  • Sample: 241111-e2dh8ssgll
  • MD5: ffdbf2c5ae59e0d6f7947638752e9249
  • SHA1: b6afeeec0198029e5ea0315790ef056ef5b64ef8
  • SHA256: 0c903acd8212b0e7d09f9a8c6a7ce909377951efb05ddd325ada1f374b06d30d
  • SHA512: 753efa4f5261689f2313359b1be2cae2c690a8fe243ed498597a80fc576571f2ce09c294ab3c774c01529dcd4ec4428911640c365615fb457ce077762ae7b7b6
  • SSDEEP: 12288:6Mr7y90PNOqvGneju5AQBqvoqFcfEBrrE2OHg2yOAYIr6rkBEr:5yQOIG3ADAqFoirrE2h+AYxkC

Malware Config

Extracted

  • Family: redline
  • Botnet: darm
  • C2: 217.196.96.56:4138
  • Attributes
      • auth_value: d88ac8ccc04ab9979b04b46313db1648

Targets

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Redline family
    • Executes dropped EXE
    • Adds Run key to start application

MITRE ATT&CK Enterprise v15