General

  • Target

    c3e2a6f61b9707637e58b6d077df43628896080d4602304c537fc73e1e6a7d9f

  • Size

    604KB

  • Sample

    241111-hnd5dsvhmf

  • MD5

    bcad8193483715e5e89bf225a10fb394

  • SHA1

    2d817d268e2a3ace7f5f4ff202ec2b5c1cf26a9a

  • SHA256

    c3e2a6f61b9707637e58b6d077df43628896080d4602304c537fc73e1e6a7d9f

  • SHA512

    0cdd0b7c67ecfccb0d949a3a5831894abc38738e9e0fce92d8af14b9de20481586b79b9bf1e32db08b7d0c58dce54ba976eec9384bddd4b0a54bec3f837b1171

  • SSDEEP

    12288:4Mr+y90S4DQiCc3rpCpcKWcJ1aXkSiXKu5xAMgxpG6y:2ygD5CcdChD0UDXjvAPxPy

Malware Config

Extracted

Family

redline

Botnet

daris

C2

217.196.96.56:4138

Attributes

  • auth_value

    3491f24ae0250969cd45ce4b3fe77549

Targets

    • Target

      c3e2a6f61b9707637e58b6d077df43628896080d4602304c537fc73e1e6a7d9f

    • Size

      604KB

    • MD5

      bcad8193483715e5e89bf225a10fb394

    • SHA1

      2d817d268e2a3ace7f5f4ff202ec2b5c1cf26a9a

    • SHA256

      c3e2a6f61b9707637e58b6d077df43628896080d4602304c537fc73e1e6a7d9f

    • SHA512

      0cdd0b7c67ecfccb0d949a3a5831894abc38738e9e0fce92d8af14b9de20481586b79b9bf1e32db08b7d0c58dce54ba976eec9384bddd4b0a54bec3f837b1171

    • SSDEEP

      12288:4Mr+y90S4DQiCc3rpCpcKWcJ1aXkSiXKu5xAMgxpG6y:2ygD5CcdChD0UDXjvAPxPy

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks