General

  • Target

    12023ac56643e3ebe05695937d427673a241939a4342786411a698adcb02683e

  • Size

    587KB

  • Sample

    241111-hacz6svckj

  • MD5

    945756156f4c3fe9ec7a86267ced9d68

  • SHA1

    ad64acc83eb523ca4a0757bdb590ff46be8ac56f

  • SHA256

    12023ac56643e3ebe05695937d427673a241939a4342786411a698adcb02683e

  • SHA512

    e5c6eb1399360e7b2dc00b61df6740091b5c0c1108e0a85e768743c459310ac070df05774bde1da41c805667d6712d782f32e788ac390e31fe7eb8a63737a149

  • SSDEEP

    12288:QMrVy90slhOIqcINDxtI2/+sMNNMGMZq9MBNV4195J5OC6:Vyz7jINDBmNmXqKDU9o

Malware Config (extracted)

  • Family

    redline

  • Botnet

    daris

  • C2

    217.196.96.56:4138

  • Attributes

    auth_value: 3491f24ae0250969cd45ce4b3fe77549

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15