General

  • Target

    5d5fb431fb58b15e5f98a60b23523d24a3d624b97d17935183183dcdd0c02a8d

  • Size

    567KB

  • Sample

    241111-jxqp8awfqb

  • MD5

    61c7f2525dc0603d5404adf0067bd54f

  • SHA1

    4e169302fd635a039a31a7a6e6055e78ea4cf0ba

  • SHA256

    5d5fb431fb58b15e5f98a60b23523d24a3d624b97d17935183183dcdd0c02a8d

  • SHA512

    152a1f43d2bf217fbefe628e87fdd8ca8e41fc6b77f9a85ea30a3fc09bdcb43f61cdb52ace3d273b6baf216b4eca378dd71157c3dc9e25b712127112fa6a6629

  • SSDEEP

    12288:JMrPy90h/zipvi5/v0bTY+aboQPm6OX+EXHrqxh2t:2y2/h5X0bzt4t4vLjt

Malware Config

Extracted

Family

redline

Botnet

daris

C2

217.196.96.56:4138

Attributes
  • auth_value

    3491f24ae0250969cd45ce4b3fe77549

Targets

    • Target

      5d5fb431fb58b15e5f98a60b23523d24a3d624b97d17935183183dcdd0c02a8d

    • Size

      567KB

    • MD5

      61c7f2525dc0603d5404adf0067bd54f

    • SHA1

      4e169302fd635a039a31a7a6e6055e78ea4cf0ba

    • SHA256

      5d5fb431fb58b15e5f98a60b23523d24a3d624b97d17935183183dcdd0c02a8d

    • SHA512

      152a1f43d2bf217fbefe628e87fdd8ca8e41fc6b77f9a85ea30a3fc09bdcb43f61cdb52ace3d273b6baf216b4eca378dd71157c3dc9e25b712127112fa6a6629

    • SSDEEP

      12288:JMrPy90h/zipvi5/v0bTY+aboQPm6OX+EXHrqxh2t:2y2/h5X0bzt4t4vLjt

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks