General

  • Target

    b89cf45e336b026622a66b9a2a4a4194346ddf25337e2199ec857a1c36efe589

  • Size

    585KB

  • Sample

    241109-16qj9asnew

  • MD5

    885eb5118f4f2752b5ba990424289658

  • SHA1

    411202b26a8250f513324a9185a891eb5ddc6411

  • SHA256

    b89cf45e336b026622a66b9a2a4a4194346ddf25337e2199ec857a1c36efe589

  • SHA512

    1dd8ac7e831b77ba2fd4cc7a1eb7277f643229124b46fbbb337161a1cad114435e1f6b96214e55d69ec5dbe388b6f28e40095ca9cd64db7b040f41e46acf7766

  • SSDEEP

    12288:mMrgy90nfatkrGwZAF7/13fmVDl9Ivsxah:CyGTGwZAF7/13fm39II4

Malware Config

Extracted

Family

redline

Botnet

ronam

C2

193.233.20.17:4139

Attributes

  • auth_value

    125421d19d14dd7fd211bc7f6d4aea6c

Targets

    • Target

      b89cf45e336b026622a66b9a2a4a4194346ddf25337e2199ec857a1c36efe589

    • Size

      585KB

    • MD5

      885eb5118f4f2752b5ba990424289658

    • SHA1

      411202b26a8250f513324a9185a891eb5ddc6411

    • SHA256

      b89cf45e336b026622a66b9a2a4a4194346ddf25337e2199ec857a1c36efe589

    • SHA512

      1dd8ac7e831b77ba2fd4cc7a1eb7277f643229124b46fbbb337161a1cad114435e1f6b96214e55d69ec5dbe388b6f28e40095ca9cd64db7b040f41e46acf7766

    • SSDEEP

      12288:mMrgy90nfatkrGwZAF7/13fmVDl9Ivsxah:CyGTGwZAF7/13fm39II4

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks