General

  • Target

    39b01eab315a535248fd167a6f90130c744c0df106f8b8746f0ccc0f0c3069ae

  • Size

    764KB

  • Sample

    241104-2fpqpsyejh

  • MD5

    0a30a3d47afa3c6bf1b4c8af4dfbded9

  • SHA1

    e013b8b8ec9aac9f62ccf494423f2d8fd3a7c6c3

  • SHA256

    39b01eab315a535248fd167a6f90130c744c0df106f8b8746f0ccc0f0c3069ae

  • SHA512

    8876699234c90dfaef87948730b261dde3a56cae498aae254c11d76e29a85eea8dd98d77831d4d3f2f617595131bcca314cebda593784375370a761bbd152371

  • SSDEEP

    12288:dMrey90wDWczouWo+z3exYTtBGwXNJOXELAJzopLT6GQmPBARygovA5Ug:/y99ue+BhdgkA5inn5AIgovA5T

Malware Config

Extracted

Family

redline

Botnet

romik

C2

193.233.20.12:4132

Attributes

  • auth_value

    8fb78d2889ba0ca42678b59b884e88ff

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks