General

  • Target

    e710b3d21b0545e92f378c759c6f572dfa4ff3a7c49a9663b6c23337fd869956

  • Size

    480KB

  • Sample

    241111-htcthsymcl

  • MD5

    882ab2482eb28db1b5494f1815887de9

  • SHA1

    ad539afb68362e29bb56a7f00f547125843a0155

  • SHA256

    e710b3d21b0545e92f378c759c6f572dfa4ff3a7c49a9663b6c23337fd869956

  • SHA512

    669f80bd65fb551eed61570fb82fce689934a1b1190f28ab61b1ce7b0a3c398576231d7121371957c169a943813f6ca055f8608508c7d7ebc7ee2dca56e8422a

  • SSDEEP

    12288:EMrGy90CFr1BE/GsFqkL+uI+JxZxQ5EeS:CyWYkL+u9ME/

Malware Config

Extracted

Family

redline

Botnet

douma

C2

217.196.96.101:4132

Attributes
  • auth_value

    e7c0659b5f9d26f2f97df8d25fefbb44
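The hashes in the General section and the C2 socket extracted above are the indicators a responder would actually pivot on. The following Python is an added example, not part of the sandbox report or any vendor tooling: it recomputes the four listed digests for a file and reports which ones match the report, and it scans firewall-style log lines for connections to the extracted C2 address and port. The log lines and their `dst=IP:PORT` field layout are constructed for the example; the botnet name and auth_value are not matchable on the wire and are left out.

```python
import hashlib
import re

# Indicators copied from the sandbox report above.
REPORT_HASHES = {
    "md5": "882ab2482eb28db1b5494f1815887de9",
    "sha1": "ad539afb68362e29bb56a7f00f547125843a0155",
    "sha256": "e710b3d21b0545e92f378c759c6f572dfa4ff3a7c49a9663b6c23337fd869956",
    "sha512": "669f80bd65fb551eed61570fb82fce689934a1b1190f28ab61b1ce7b0a3c398576231d7121371957c169a943813f6ca055f8608508c7d7ebc7ee2dca56e8422a",
}
C2_HOST = "217.196.96.101"
C2_PORT = 4132


def hash_bytes(data):
    """Return the same four digests the report lists, keyed by algorithm name."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_HASHES}


def matched_algorithms(digests, known=REPORT_HASHES):
    """Algorithms whose digest equals the report's value (case-insensitive hex)."""
    return sorted(alg for alg, h in digests.items()
                  if known.get(alg, "").lower() == h.lower())


# Constructed log lines (assumed "dst=IP:PORT" layout); not taken from the report.
SAMPLE_LOG = [
    "2024-11-11T10:01:02Z host=ws01 proto=tcp src=10.0.0.5:50122 dst=203.0.113.10:443 action=allow",
    "2024-11-11T10:01:09Z host=ws01 proto=tcp src=10.0.0.5:50130 dst=217.196.96.101:4132 action=allow",
    "2024-11-11T10:02:15Z host=ws02 proto=tcp src=10.0.0.9:50201 dst=217.196.96.101:443 action=allow",
]
DST_RE = re.compile(r"\bdst=(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\b")


def c2_hits(lines, host=C2_HOST, port=C2_PORT):
    """Lines whose destination is exactly the extracted C2 socket (host and port)."""
    hits = []
    for line in lines:
        m = DST_RE.search(line)
        if m and m.group("ip") == host and int(m.group("port")) == port:
            hits.append(line)
    return hits


if __name__ == "__main__":
    # A file that is not the sample matches none of the report's digests.
    print(matched_algorithms(hash_bytes(b"constructed, not the sample")))
    for hit in c2_hits(SAMPLE_LOG):
        print("C2 contact:", hit)
```

Matching on the exact host and port keeps the check tight to the extracted config; drop the port argument to a sweep over the whole host once you have confirmed the IP is not shared hosting.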

Targets

    • Target

      e710b3d21b0545e92f378c759c6f572dfa4ff3a7c49a9663b6c23337fd869956

    • RedLine

      RedLine Stealer is an information-stealing malware family written in C#, first seen in early 2020. It harvests saved browser credentials, cookies, cryptocurrency wallet data and basic host information and uploads them to the C2 socket extracted above.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application (registry Run key persistence, ATT&CK T1547.001)

MITRE ATT&CK Enterprise v15

Tasks