General

  • Target

    800f15ab20f6ac3b2799b493b3190262a923fbfdb085c94fbad3cf41bccfb2a0

  • Size

    480KB

  • Sample

    241111-gv37esvdkd

  • MD5

    6ff62ca978a347daa0ab5a940a300279

  • SHA1

    313237c86f0f656a33d7cd8596a57490c8b01576

  • SHA256

    800f15ab20f6ac3b2799b493b3190262a923fbfdb085c94fbad3cf41bccfb2a0

  • SHA512

    50d85ca15eeeabcbff128dabcc6f57e2cd470661e6ceafc89b9a80350e0f6e10598f1312ce5e930510244ab73015253eff0cd794c3886e8e50d70c146eac4aa1

  • SSDEEP

    6144:KUy+bnr+Ap0yN90QEAY+0ZCmDzB7vhgFP55/tvqlba7pX7KQ8vWYcC+BbRznWkre:UMr4y90GWDDVveUbsKrV+vzrDSy8

Malware Config

Extracted

Family

redline

Botnet

daris

C2

217.196.96.56:4138

Attributes
  • auth_value

    3491f24ae0250969cd45ce4b3fe77549

Targets

    • Target

      800f15ab20f6ac3b2799b493b3190262a923fbfdb085c94fbad3cf41bccfb2a0

    • Size

      480KB

    • MD5

      6ff62ca978a347daa0ab5a940a300279

    • SHA1

      313237c86f0f656a33d7cd8596a57490c8b01576

    • SHA256

      800f15ab20f6ac3b2799b493b3190262a923fbfdb085c94fbad3cf41bccfb2a0

    • SHA512

      50d85ca15eeeabcbff128dabcc6f57e2cd470661e6ceafc89b9a80350e0f6e10598f1312ce5e930510244ab73015253eff0cd794c3886e8e50d70c146eac4aa1

    • SSDEEP

      6144:KUy+bnr+Ap0yN90QEAY+0ZCmDzB7vhgFP55/tvqlba7pX7KQ8vWYcC+BbRznWkre:UMr4y90GWDDVveUbsKrV+vzrDSy8

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks