General

  • Target

    7df622f1d050a5161f0627b239e6ed860a8af0952a2c40080a80adada3eaaa46

  • Size

    587KB

  • Sample

    241111-fm63nssngt

  • MD5

    6b96a132d4fcdec912ac7f30de9edce9

  • SHA1

    64815d3f7115c0a00cd578a14f76559a2b5e6157

  • SHA256

    7df622f1d050a5161f0627b239e6ed860a8af0952a2c40080a80adada3eaaa46

  • SHA512

    ff51fccf32d04d395948b43f6a80b0db53310fd49262375d7cc82b6b22f4ae6167baf70abb63bada1cc316086b98096604d7012d28e82ef47294a463d29c2927

  • SSDEEP

    12288:6Mrwy90OI5VvjP1uMQi2wcMI4KP8DRCMvSzMGEqHixjb:6y2j8W2wwwDGEqHMX

Malware Config

Extracted

Family

redline

Botnet

daris

C2

217.196.96.56:4138

Attributes
  • auth_value

    3491f24ae0250969cd45ce4b3fe77549

Targets

    • Target

      7df622f1d050a5161f0627b239e6ed860a8af0952a2c40080a80adada3eaaa46

    • Size

      587KB

    • MD5

      6b96a132d4fcdec912ac7f30de9edce9

    • SHA1

      64815d3f7115c0a00cd578a14f76559a2b5e6157

    • SHA256

      7df622f1d050a5161f0627b239e6ed860a8af0952a2c40080a80adada3eaaa46

    • SHA512

      ff51fccf32d04d395948b43f6a80b0db53310fd49262375d7cc82b6b22f4ae6167baf70abb63bada1cc316086b98096604d7012d28e82ef47294a463d29c2927

    • SSDEEP

      12288:6Mrwy90OI5VvjP1uMQi2wcMI4KP8DRCMvSzMGEqHixjb:6y2j8W2wwwDGEqHMX

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks