General

  • Target

    adc5479ce5bca7896b6fb98c16cc984d1638eb4a5069fa8d6f108c781578b4f4

  • Size

    478KB

  • Sample

    241111-hs2fgsymcj

  • MD5

    b97b704797b6d0aabeda3e51396411e0

  • SHA1

    244e65555ae7dcd0f1b21ee058b38c95ec69ffdd

  • SHA256

    adc5479ce5bca7896b6fb98c16cc984d1638eb4a5069fa8d6f108c781578b4f4

  • SHA512

    56c4bd728b3af13e71aa056c315555c1d5d5371d2f3e188e35fba1bf943fb9cf1cca665dc7a634362cb934e48661a59011e0e43cc300b8018349c16f0a454a4c

  • SSDEEP

    12288:FMr4y903+ptiFljomtCDEEG8HuOfxch9t9ZnfwST:JyyDwg8OnjZxT

Malware Config

Extracted

Family

redline

Botnet

divan

C2

217.196.96.102:4132

Attributes

  • auth_value

    b414986bebd7f5a3ec9aee0341b8e769

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks