General

  • Target: b03677b8ed25f0fedb608b1f5662b175c2675841e6c70b2d88e4c8000b71b735
  • Size: 567KB
  • Sample: 241111-fwls4atfrd
  • MD5: e33b8b0c8cc3fff2f438eea155af1d90
  • SHA1: ffd4bec88cc69c83be5413e5e0b8b80ca62f23cd
  • SHA256: b03677b8ed25f0fedb608b1f5662b175c2675841e6c70b2d88e4c8000b71b735
  • SHA512: d7d579f1880965e5ad84c1e7d337c731f78012f47db2ddccd42b5101166b35e14a0c41c9c10f1a37f96573b515759fb8d28f4e9df370aa143b93f527c7a18c8d
  • SSDEEP: 12288:3MrLy90Wr4s7i7FXz0+rM3lq8MRzRpJdt2mihPPls+:UyRr4sG7FD0hVq88zdLihPT

Malware Config

Extracted

  • Family: redline
  • Botnet: daris
  • C2: 217.196.96.56:4138
  • Attributes
      • auth_value: 3491f24ae0250969cd45ce4b3fe77549

Targets

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Redline family
    • Executes dropped EXE
    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks