General

  • Target

    912052718736e0d72cdd3ff9d6f00d2b27cc03463f2ee3b9c75f15f77d6f29e6

  • Size

    875KB

  • Sample

    241111-hs3zbawakg

  • MD5

    b9cf42e64cde9791ef84272f1fce102b

  • SHA1

    4df7a4c3f6687f8c91157a8ab4ab13def6502eca

  • SHA256

    912052718736e0d72cdd3ff9d6f00d2b27cc03463f2ee3b9c75f15f77d6f29e6

  • SHA512

    bc48b08826c566469b66aab8501b28376a76eb6f069363ce944baf01f7b813fed42f8e3bc2d61205070b4773476ad7a32a41c05ed8ec65f91dec2ee986bd6f19

  • SSDEEP

    24576:MykJ72FkCQ5WAmCXPbG8668zjtN/iZInQuBEPak2+7p:7CAfgmCXPXCHg0FSP

Malware Config

Extracted

  • Family

    redline

  • Botnet

    diora

  • C2

    185.161.248.75:4132

Attributes

  • auth_value

    4c17e0c4a574a5b11a6e41e692dedcb3

Targets

    • Target

      912052718736e0d72cdd3ff9d6f00d2b27cc03463f2ee3b9c75f15f77d6f29e6

    • Size

      875KB

    • MD5

      b9cf42e64cde9791ef84272f1fce102b

    • SHA1

      4df7a4c3f6687f8c91157a8ab4ab13def6502eca

    • SHA256

      912052718736e0d72cdd3ff9d6f00d2b27cc03463f2ee3b9c75f15f77d6f29e6

    • SHA512

      bc48b08826c566469b66aab8501b28376a76eb6f069363ce944baf01f7b813fed42f8e3bc2d61205070b4773476ad7a32a41c05ed8ec65f91dec2ee986bd6f19

    • SSDEEP

      24576:MykJ72FkCQ5WAmCXPbG8668zjtN/iZInQuBEPak2+7p:7CAfgmCXPXCHg0FSP

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application
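The extracted config above (C2 at 185.161.248.75:4132) and the persistence signature "Adds Run key to start application" translate directly into detection checks. The script below is an added example, not part of this sandbox report or its tooling: it hashes a candidate file against the report's MD5/SHA1/SHA256 to confirm it is the same sample, flags flows to the C2 endpoint in a Zeek-like connection log, and flags Run/RunOnce values that launch an EXE from a user-writable directory (the general pattern behind the signature, not only this sample's value). The log layout, the `key|name|value` registry dump format, every sample line, and the "user-writable" directory list are assumptions made for the example.

```python
"""Detection checks built from the IoCs in this RedLine report.

Added example; not part of the sandbox report or its tooling. Hashes and the
C2 endpoint are copied from the report. Log/registry formats, every sample
line, and the user-writable directory list are assumptions for illustration.
"""
import hashlib
import ipaddress
import re

# From the report's General section (SHA512 and SSDEEP omitted here).
REPORT_HASHES = {
    "md5": "b9cf42e64cde9791ef84272f1fce102b",
    "sha1": "4df7a4c3f6687f8c91157a8ab4ab13def6502eca",
    "sha256": "912052718736e0d72cdd3ff9d6f00d2b27cc03463f2ee3b9c75f15f77d6f29e6",
}
# From the report's extracted config.
C2_HOST = "185.161.248.75"
C2_PORT = 4132

# Assumption: a Run value launching an EXE from one of these directories is
# treated as suspicious (generalises "Adds Run key to start application").
USER_WRITABLE = ("\\appdata\\", "\\users\\public\\", "\\programdata\\", "\\temp\\")
# Prefix match deliberately also covers RunOnce, another autostart location.
RUN_KEYS = (
    "hkcu\\software\\microsoft\\windows\\currentversion\\run",
    "hklm\\software\\microsoft\\windows\\currentversion\\run",
)


def is_reported_sample(data):
    """Return {algorithm: bool} saying which report hashes `data` matches."""
    return {alg: hashlib.new(alg, data).hexdigest() == h
            for alg, h in REPORT_HASHES.items()}


def c2_hits(conn_lines):
    """Flag flows to the C2 host in 'ts src sport dst dport proto' records
    (constructed, Zeek-like layout). Host+port is high confidence; the same
    host on another port is reported at medium confidence."""
    hits = []
    for line in conn_lines:
        fields = line.split()
        if len(fields) < 6:
            continue  # malformed record: skip, do not abort the sweep
        _ts, src, _sport, dst, dport, _proto = fields[:6]
        try:
            ipaddress.ip_address(dst)  # validate, raises on junk
            dport = int(dport)
        except ValueError:
            continue
        if dst == C2_HOST:
            hits.append({"src": src, "dst": dst, "dport": dport,
                         "confidence": "high" if dport == C2_PORT else "medium"})
    return hits


_REG_RE = re.compile(r"^(?P<key>[^|]+)\|(?P<name>[^|]+)\|(?P<value>.+)$")


def _image_path(value):
    """Extract the executable path from a Run value, quoted or not."""
    value = value.strip()
    if value.startswith('"'):
        return value[1:].split('"', 1)[0]
    return value.split(" ", 1)[0]


def suspicious_run_entries(reg_lines):
    """Return (key, value_name, image) for Run/RunOnce values that start an
    EXE from a user-writable directory. Input: 'key|name|value' records."""
    findings = []
    for line in reg_lines:
        m = _REG_RE.match(line.strip())
        if not m:
            continue
        key = m.group("key").strip()
        if not key.lower().startswith(RUN_KEYS):
            continue
        image = _image_path(m.group("value"))
        low = image.lower()
        if low.endswith(".exe") and any(d in low for d in USER_WRITABLE):
            findings.append((key, m.group("name").strip(), image))
    return findings


# Constructed sample input (not from the report).
SAMPLE_CONN = [
    "1731317200.1 10.0.0.12 49812 185.161.248.75 4132 tcp",
    "1731317201.4 10.0.0.12 49813 142.250.74.46 443 tcp",
    "1731317202.9 10.0.0.12 49814 185.161.248.75 443 tcp",
    "malformed record",
]
SAMPLE_REG = [
    r'HKCU\Software\Microsoft\Windows\CurrentVersion\Run|OneDrive|"C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background',
    r'HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Updater|"C:\Users\bob\AppData\Roaming\Updater\upd.exe"',
    r'HKLM\Software\Microsoft\Windows\CurrentVersion\Run|svc|C:\Users\Public\svchost.exe -k',
    r'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer|Foo|C:\Users\bob\AppData\Local\Temp\x.exe',
]

if __name__ == "__main__":
    print(is_reported_sample(b"not the sample"))
    for h in c2_hits(SAMPLE_CONN):
        print("C2", h)
    for key, name, image in suspicious_run_entries(SAMPLE_REG):
        print("RUN", key, name, image)
```

Point `c2_hits` at a real conn log and `suspicious_run_entries` at an autoruns export in the same `key|name|value` shape; the medium-confidence branch exists because stealer C2 ports change between builds while the host often persists for a while.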

MITRE ATT&CK Enterprise v15

Tasks