General

  • Target

    4d85bc38e0f98cc7251b831eff588ba268fa6c979ce5adc98b9fd87c1af0a8d4

  • Size

    603KB

  • Sample

    241111-gfmwwsvblf

  • MD5

    4cd18033feb28f4abb2f6f45118c4790

  • SHA1

    296e82de8ff251d51053be706feee1fa2cf254bf

  • SHA256

    4d85bc38e0f98cc7251b831eff588ba268fa6c979ce5adc98b9fd87c1af0a8d4

  • SHA512

    f053895f05d2dfd0267059a690eb7a8edc1e420af506ddf51048b90066b703e6fcae3c6781e5f2aa1b80eb56065d75bff8a64a00348db1e84bebebfdf3f489d6

  • SSDEEP

    12288:JMriy90RoMzEE32mYL51yXiZ5KfCTI8M4p3Jlu5xAMgxJw8sS27:jyvNE/syXijKW3JEvAPxJPm

Malware Config

Extracted

  • Family

    redline

  • Botnet

    daris

  • C2

    217.196.96.56:4138

  • Attributes

    auth_value: 3491f24ae0250969cd45ce4b3fe77549

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks