General

  • Target

    948771c3987b05dd07cc2cd82c91dd115580dbd2ffedfd2e22a5190c5a4cb3ee

  • Size

    600KB

  • Sample

    241111-mk8baaxmdw

  • MD5

    349c6d8310cdbd6fedf14ee138e96b20

  • SHA1

    c196bf22eeb85526c368b7527aef83e0fe273f56

  • SHA256

    948771c3987b05dd07cc2cd82c91dd115580dbd2ffedfd2e22a5190c5a4cb3ee

  • SHA512

    7f9f8c2bfdf51dd255ad53c7959ade600033f7404bdd9b5ad01471535d88993d71904dadf468ca98187af4ffc7624a2e0104c5b8c70235f55ddf93b9e0f93a7a

  • SSDEEP

    12288:dMruy90RZWkPxX6el2rFcLQSGR06kdtG984tzJ7K9C:DyOEktPl2ZccQc984tzJ7K9C

Malware Config

Extracted

Family

redline

Botnet

daris

C2

217.196.96.56:4138

Attributes
  • auth_value

    3491f24ae0250969cd45ce4b3fe77549

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application
