General

  • Target

    46d26bb923ed84a832ed39569865551f919e6e4bda5b6c27e2d325672f716436

  • Size

    770KB

  • Sample

    241104-2h4yeayeng

  • MD5

    d06879fe8941e0f8e96d59e32ffb0dd9

  • SHA1

    c28d40b456ea4e437de3a461b0a6679583756ddb

  • SHA256

    46d26bb923ed84a832ed39569865551f919e6e4bda5b6c27e2d325672f716436

  • SHA512

    7758690d78db23a7dea920a9c2b67d4e5981939a51e6dc3ec02a72bdc90c41f7f94b4f12158145baa2c9a6df788985a356f013aeab2215c1cc14bb99fa48156e

  • SSDEEP

    12288:UMrBy903wMxGRFNvnplOHhU/hGW55xYe5TSX57Xvwx/LhSd/6UUHesVY8xJHqVDn:dyGOXvDLL55xYY0S/LhSd/6ZHzd3KVL

Malware Config

Extracted

  • Family

    redline

  • Botnet

    romik

  • C2

    193.233.20.12:4132

  • Attributes

    auth_value: 8fb78d2889ba0ca42678b59b884e88ff
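The C2 endpoint above is the indicator most useful for hunting in network telemetry. The following script is an added example, not part of the sandbox report or the RedLine family's own code: it parses Zeek conn.log records (Zeek's standard tab-separated format and column names) and flags every connection to the extracted C2 address. The log excerpt is constructed for illustration; the only values taken from the report are the IP and port. Connections to the C2 IP on a different port are reported at lower confidence, because stealer operators commonly reuse an IP for several builds and panels.

```python
"""Hunt for the RedLine C2 from this report in Zeek conn.log output.

Added example. IOC values come from the Malware Config section above; the
log lines below are constructed for illustration and are not from the report.
"""
from dataclasses import dataclass
from typing import Iterator

# IOCs from the extracted config above.
C2_IP = "193.233.20.12"
C2_PORT = 4132

# Constructed Zeek conn.log excerpt (tab-separated, Zeek's standard column names).
# The second data line is a connection to the C2 from this report; the third
# reuses the same IP on another port.
SAMPLE_CONN_LOG = (
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto"
    "\tservice\tduration\torig_bytes\tresp_bytes\tconn_state\n"
    "1730760000.123456\tCHhAvVGS1DHFjwGM9\t10.0.0.15\t49812\t142.250.74.78"
    "\t443\ttcp\tssl\t0.91\t1200\t5400\tSF\n"
    "1730760012.654321\tCTkaa3Ue6v2pjiL7c\t10.0.0.15\t49813\t193.233.20.12"
    "\t4132\ttcp\t-\t12.5\t2048\t512\tSF\n"
    "1730760040.111111\tCQ6MS92mGf2B7uGha\t10.0.0.22\t51000\t193.233.20.12"
    "\t443\ttcp\t-\t3.2\t600\t300\tS0\n"
)


@dataclass(frozen=True)
class Hit:
    ts: str
    src: str
    dst: str
    dst_port: int
    confidence: str  # "high" = IP and port match, "medium" = IP only


def parse_conn_log(text: str) -> Iterator[dict]:
    """Yield one dict per record, keyed by the names in the #fields header."""
    fields = None
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
            continue
        if line.startswith("#"):  # #separator, #types, #close, ...
            continue
        if fields is None:
            raise ValueError("conn.log record seen before the #fields header")
        values = line.split("\t")
        if len(values) != len(fields):
            raise ValueError(f"malformed record: expected {len(fields)} columns, got {len(values)}")
        yield dict(zip(fields, values))


def match_c2(records, c2_ip: str = C2_IP, c2_port: int = C2_PORT) -> list:
    """Return a Hit for every record whose responder is the C2 IP."""
    hits = []
    for r in records:
        if r["id.resp_h"] != c2_ip:
            continue
        port = int(r["id.resp_p"])
        confidence = "high" if port == c2_port else "medium"
        hits.append(Hit(r["ts"], r["id.orig_h"], r["id.resp_h"], port, confidence))
    return hits


def scan(text: str = SAMPLE_CONN_LOG) -> list:
    """Parse a conn.log body and return the C2 hits, in log order."""
    return match_c2(parse_conn_log(text))


if __name__ == "__main__":
    for h in scan():
        print(f"{h.ts} {h.src} -> {h.dst}:{h.dst_port} confidence={h.confidence}")
```

Run it against a real conn.log by passing the file contents to scan(); the "medium" hits are worth a look even though the port differs, since they usually mean either another build of the same stealer or a different panel hosted on the same server.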

Targets

    • Target

      46d26bb923ed84a832ed39569865551f919e6e4bda5b6c27e2d325672f716436

    • Size

      770KB

    • MD5

      d06879fe8941e0f8e96d59e32ffb0dd9

    • SHA1

      c28d40b456ea4e437de3a461b0a6679583756ddb

    • SHA256

      46d26bb923ed84a832ed39569865551f919e6e4bda5b6c27e2d325672f716436

    • SHA512

      7758690d78db23a7dea920a9c2b67d4e5981939a51e6dc3ec02a72bdc90c41f7f94b4f12158145baa2c9a6df788985a356f013aeab2215c1cc14bb99fa48156e

    • SSDEEP

      12288:UMrBy903wMxGRFNvnplOHhU/hGW55xYe5TSX57Xvwx/LhSd/6UUHesVY8xJHqVDn:dyGOXvDLL55xYY0S/LhSd/6ZHzd3KVL

    • RedLine

      RedLine Stealer is an information-stealing malware family written in C# (.NET), first appearing in early 2020 and sold to operators as malware-as-a-service. It harvests saved browser credentials, cookies and autofill data, cryptocurrency wallet files and host details, and sends them to the C2 embedded in the build. The Malware Config section above shows that embedded configuration: the C2 endpoint (IP:port), the Botnet value (the build or campaign ID used to group victims in the operator's panel) and auth_value (the key the client presents to the C2 when it checks in).

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application (persistence: a value written under Software\Microsoft\Windows\CurrentVersion\Run so the payload is relaunched at logon)
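The Run-key signature above is also the easiest of these behaviours to detect on a live host. The following script is an added example, not part of the sandbox report or of Triage's own signature logic: it reads Sysmon Event ID 13 (RegistryEvent, value set) records and flags any value written directly under a Run or RunOnce key in HKLM or a user hive, rating the hit higher when the registered command or the writing process lives in a user-writable location. It assumes the events were exported as JSON lines carrying Sysmon's standard field names (EventID, EventType, Image, TargetObject, Details); the records themselves are constructed for illustration.

```python
"""Flag Run/RunOnce persistence in Sysmon Event ID 13 (registry value set) records.

Added example, not part of the sandbox report. Assumes Sysmon events exported as
JSON lines with Sysmon's standard field names; the records below are constructed.
"""
import json
import re

# A value set directly under ...\CurrentVersion\Run or ...\CurrentVersion\RunOnce
# (group 1 = "Once" when present, group 2 = the value name).
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\([^\\]+)$", re.IGNORECASE)

# Locations an unprivileged user can write to; a Run entry pointing here is suspicious.
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp|ProgramData|Public|Downloads)\\", re.IGNORECASE)

# Constructed Sysmon records (JSON lines). The first and last are the pattern the
# signature describes; the second is a legitimate HKLM Run entry; the third is an
# unrelated registry write; the fourth is not a registry event at all.
SAMPLE_SYSMON_JSONL = r"""
{"EventID": 13, "EventType": "SetValue", "Image": "C:\\Users\\bob\\AppData\\Local\\Temp\\update.exe", "TargetObject": "HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater", "Details": "C:\\Users\\bob\\AppData\\Roaming\\svc.exe"}
{"EventID": 13, "EventType": "SetValue", "Image": "C:\\Windows\\System32\\msiexec.exe", "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\SecurityHealth", "Details": "C:\\Program Files\\Windows Defender\\MSASCuiL.exe"}
{"EventID": 13, "EventType": "SetValue", "Image": "C:\\Windows\\explorer.exe", "TargetObject": "HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden", "Details": "DWORD (0x00000001)"}
{"EventID": 1, "Image": "C:\\Users\\bob\\AppData\\Local\\Temp\\update.exe", "CommandLine": "update.exe"}
{"EventID": 13, "EventType": "SetValue", "Image": "C:\\Users\\bob\\AppData\\Local\\Temp\\update.exe", "TargetObject": "HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce\\OneTime", "Details": "C:\\Users\\bob\\Downloads\\stage2.exe"}
"""


def detect_run_key_persistence(jsonl: str) -> list:
    """Return one dict per Run/RunOnce value write, in event order."""
    hits = []
    for line in jsonl.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        if ev.get("EventID") != 13 or ev.get("EventType") != "SetValue":
            continue
        target = ev.get("TargetObject", "")
        m = RUN_KEY_RE.search(target)
        if not m:
            continue
        command = ev.get("Details", "")
        writer = ev.get("Image", "")
        # Either the registered command or the process that wrote it sits in a
        # user-writable directory: the pattern a dropped stealer produces.
        suspicious = bool(USER_WRITABLE_RE.search(command) or USER_WRITABLE_RE.search(writer))
        hits.append({
            "hive_scope": "machine" if target.upper().startswith("HKLM") else "user",
            "key": "RunOnce" if m.group(1) else "Run",
            "value_name": m.group(2),
            "command": command,
            "writer": writer,
            "severity": "high" if suspicious else "low",
        })
    return hits


if __name__ == "__main__":
    for h in detect_run_key_persistence(SAMPLE_SYSMON_JSONL):
        print(f"[{h['severity']}] {h['hive_scope']} {h['key']}\\{h['value_name']} = {h['command']} (set by {h['writer']})")
```

Every Run/RunOnce write is returned, not only the suspicious ones, because the low-severity entries are what an analyst needs for baselining; the severity field is what you would alert on.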

MITRE ATT&CK Enterprise v15

Tasks