General

  • Target

    6790625ce4413f2c74c7c14b5dbadb20d54200bfa7564c56a2817d2771137e3b

  • Size

    479KB

  • Sample

    241111-kf42yswfqp

  • MD5

    f4c21957789821f9d20cde4c0b4472b4

  • SHA1

    f1057e4c6cb96107f7fbdb00712542ca1c1d66a6

  • SHA256

    6790625ce4413f2c74c7c14b5dbadb20d54200bfa7564c56a2817d2771137e3b

  • SHA512

    f8e60b5e86c0610434ae8986c8011fa48f9fdfe7fbeee0cf580f8006ca985f17f991c66c3a71cdd449ef7e5d9684058fb21ceb1f09bd6063710947ede1928f56

  • SSDEEP

    12288:oMray90PTp6xMjvdFBAAFxFvc+U3MIn6Qh:iyfG1FBAA9vcvcInx

Malware Config

Extracted

Family

redline

Botnet

daris

C2

217.196.96.56:4138

Attributes
  • auth_value

    3491f24ae0250969cd45ce4b3fe77549

Targets

    • Target

      6790625ce4413f2c74c7c14b5dbadb20d54200bfa7564c56a2817d2771137e3b

    • Size

      479KB

    • MD5

      f4c21957789821f9d20cde4c0b4472b4

    • SHA1

      f1057e4c6cb96107f7fbdb00712542ca1c1d66a6

    • SHA256

      6790625ce4413f2c74c7c14b5dbadb20d54200bfa7564c56a2817d2771137e3b

    • SHA512

      f8e60b5e86c0610434ae8986c8011fa48f9fdfe7fbeee0cf580f8006ca985f17f991c66c3a71cdd449ef7e5d9684058fb21ceb1f09bd6063710947ede1928f56

    • SSDEEP

      12288:oMray90PTp6xMjvdFBAAFxFvc+U3MIn6Qh:iyfG1FBAA9vcvcInx

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks