General

  • Target

    3e6778fca9ba57e859e3882f6ecbb52c039905d7ce74ac28ffa7199383e2ff8a

  • Size

    635KB

  • Sample

    241109-1b8gks1rdy

  • MD5

    73dc06ce0dab3226a08cbf9b4266ec4a

  • SHA1

    3ecc9dc261be935368b38239ac0fd329859c2572

  • SHA256

    3e6778fca9ba57e859e3882f6ecbb52c039905d7ce74ac28ffa7199383e2ff8a

  • SHA512

    b68cb11ef5182e0e49a360b0a9df03d32d63ad32370a4db789b37580cdbefb507877c720ac1d700b9500a5e333f7d3218b9b76a771958786c36951253bf16a68

  • SSDEEP

    12288:dMrSy90Y6JITKVGgrSg4AG2rB+3y7wJnPzksCnqNYHyHKq7/wq:nyd6HVGu4++3y74eqNZ7B

Malware Config

Extracted

Family

redline

Botnet

ruma

C2

193.233.20.13:4136

Attributes

  • auth_value

    647d00dfaba082a4a30f383bca5d1a2a

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15