General

  • Target

    db55ed05b3ff0f5d19df28a056b5fcb304e60e4cf37e32b3ea428cd85490c8d3

  • Size

    479KB

  • Sample

    241111-j8mspszlgr

  • MD5

    39bcbf3624c15ff55009c9cff0f266cc

  • SHA1

    39bf28b3fd43f88fc0132716a96e758d621aaa45

  • SHA256

    db55ed05b3ff0f5d19df28a056b5fcb304e60e4cf37e32b3ea428cd85490c8d3

  • SHA512

    88702dd089f93ed202811ac4ffd13468f4aa3173bee2bca9abcb902589957d611393a44e249d19d7a152691521d485c2fd760db3ad1e5f5e47f49cda8d664c68

  • SSDEEP

    6144:KDy+bnr+cp0yN90QEqVBNOLNeWsPY7ASm43TwH6BDq5rNNg9IhHZaltEQcBTAZZI:RMrEy90QeAYsIMHSer/kP1cTkZI

Malware Config

Extracted

  • Family

    redline

  • Botnet

    daris

  • C2

    217.196.96.56:4138

  • Attributes

    auth_value: 3491f24ae0250969cd45ce4b3fe77549

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application
