General

  • Target

    f82e79d50e16d58655fd1ce0114212e362be13b29f17baf70f8e565e20274987

  • Size

    441KB

  • Sample

    241109-1ccrassfnf

  • MD5

    fdbe2f15b37ea7083d8af28dca420e2f

  • SHA1

    bc087529e5ae4c4df8c62acc0732d54d8b5d996e

  • SHA256

    f82e79d50e16d58655fd1ce0114212e362be13b29f17baf70f8e565e20274987

  • SHA512

    efb5067aa2ac9ab8b28db5d40762998a0321ce85615a61534397eaca5f5dbb1924eb84a88a1de7e9bd1f84c0dcd4d1cac19c47dba506a784d44dcd7364de7ab9

  • SSDEEP

    12288:NMrQy90vOuiXeKJA/LokpJ+y39L+U4hCCHV8:By4ONXAZp0yb4B18

Malware Config

Extracted

Family

redline

Botnet

ramon

C2

193.233.20.23:4123

Attributes
  • auth_value

    3197576965d9513f115338c233015b40
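The hashes under General and the C2 in the extracted config are the two things a responder actually pivots on: confirm a suspect file is this sample, and hunt the network logs for the panel address. The following Python is an added example, not code from the sandbox or from this report. The digests and the C2 host/port are copied from the report above; the Zeek conn.log excerpt is constructed for illustration (private and documentation IP ranges, made-up UIDs), and ssdeep is not computed because it needs a third-party module.

```python
"""IOC checks for the sample in this report.

Added example, not code from the sandbox or from the report itself.
The hash values and the C2 endpoint below are copied from the report;
the conn.log lines are constructed for illustration, not captured traffic.
Standard library only (ssdeep needs a third-party module and is skipped).
"""
import hashlib

# Digests listed under General / Targets in the report.
REPORT_HASHES = {
    "md5": "fdbe2f15b37ea7083d8af28dca420e2f",
    "sha1": "bc087529e5ae4c4df8c62acc0732d54d8b5d996e",
    "sha256": "f82e79d50e16d58655fd1ce0114212e362be13b29f17baf70f8e565e20274987",
    "sha512": "efb5067aa2ac9ab8b28db5d40762998a0321ce85615a61534397eaca5f5dbb19"
              "24eb84a88a1de7e9bd1f84c0dcd4d1cac19c47dba506a784d44dcd7364de7ab9",
}
# C2 from the extracted RedLine config (botnet "ramon").
C2_HOST = "193.233.20.23"
C2_PORT = 4123

# Constructed Zeek conn.log excerpt (tab-separated, with a #fields header).
# 10.0.0.0/8 and 203.0.113.0/24 are private / documentation ranges.
SAMPLE_CONN_LOG = (
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\n"
    "1731151200.000\tCx1\t10.0.0.15\t49712\t193.233.20.23\t4123\ttcp\t-\n"
    "1731151201.000\tCx2\t10.0.0.15\t49713\t203.0.113.5\t443\ttcp\tssl\n"
    "1731151202.000\tCx3\t10.0.0.22\t49801\t193.233.20.23\t80\ttcp\thttp\n"
)


def hash_bytes(data: bytes) -> dict:
    """Compute the four digests the report lists, as lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def compare_digests(digests: dict) -> set:
    """Return the names of the report's hashes that the given digests match.

    Input values are case-insensitive. A single match identifies the sample;
    an empty set means a different file (possibly another build of the same
    family, which the hashes alone cannot tell you)."""
    return {
        name
        for name, expected in REPORT_HASHES.items()
        if name in digests and digests[name].lower() == expected
    }


def matching_hashes(data: bytes) -> set:
    """Hash file content and compare it with the report in one step."""
    return compare_digests(hash_bytes(data))


def find_c2_hits(conn_log_text: str) -> list:
    """Scan Zeek conn.log text for connections to the extracted C2.

    Returns (orig_h, resp_h, resp_p, exact) tuples. exact is True when both
    IP and port match the config; an IP-only hit on another port is still
    returned, at lower confidence, rather than silently dropped.
    Column positions are taken from the #fields header, not hard-coded."""
    cols = None
    hits = []
    for line in conn_log_text.splitlines():
        if line.startswith("#fields"):
            cols = line.split("\t")[1:]
            continue
        if not line or line.startswith("#"):
            continue
        if cols is None:
            raise ValueError("conn.log text has no #fields header")
        rec = dict(zip(cols, line.split("\t")))
        if rec.get("id.resp_h") != C2_HOST:
            continue
        port = int(rec["id.resp_p"])
        hits.append((rec["id.orig_h"], rec["id.resp_h"], port, port == C2_PORT))
    return hits


if __name__ == "__main__":
    for hit in find_c2_hits(SAMPLE_CONN_LOG):
        print("C2 match" if hit[3] else "C2 IP on other port", hit)
```

Run it against a real conn.log by passing the file's text to `find_c2_hits`, and against a suspect binary with `matching_hashes(open(path, "rb").read())`. Keep the IP-only hits: the report fixes one port for this build, but treating the host as the indicator and the port as a confidence modifier is the safer default when hunting.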

Targets

    • Target

      f82e79d50e16d58655fd1ce0114212e362be13b29f17baf70f8e565e20274987

    • RedLine

      RedLine Stealer is an information-stealing malware family written in C# (.NET), first seen in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application
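The last two signatures, "Executes dropped EXE" and "Adds Run key to start application", are behavioural, so they can be re-derived from endpoint telemetry rather than only from the sandbox. The following Python is an added example of that detection logic, not the sandbox's own signature code. It replays simplified Sysmon events in JSON lines form (event ID 1 ProcessCreate, 11 FileCreate, 13 RegistryEvent value set); the events, paths, GUIDs and user name are constructed for illustration.

```python
"""Behavioural detection for the two Triage signatures listed above,
"Executes dropped EXE" and "Adds Run key to start application".

Added example, not the sandbox's signature logic. It runs over simplified
Sysmon events in JSON lines form; the events below are constructed for
illustration (paths, GUIDs and the user name are made up). Sysmon event IDs
used: 1 ProcessCreate, 11 FileCreate, 13 RegistryEvent (value set).
"""
import json
import re

# ...\CurrentVersion\Run and RunOnce under HKLM or a user hive: the
# auto-start keys the "Adds Run key" signature refers to.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)

# Constructed telemetry: a downloaded installer drops a second EXE, runs it,
# and that child registers itself under HKU\...\Run. Two benign events
# (a browser cache write, an MSI uninstall entry) are mixed in as noise.
SAMPLE_SYSMON_JSONL = r"""
{"EventID": 1, "ProcessGuid": "{G1}", "Image": "C:\\Users\\u\\Downloads\\setup.exe", "ParentImage": "C:\\Windows\\explorer.exe"}
{"EventID": 11, "ProcessGuid": "{G1}", "Image": "C:\\Users\\u\\Downloads\\setup.exe", "TargetFilename": "C:\\Users\\u\\AppData\\Roaming\\updater.exe"}
{"EventID": 11, "ProcessGuid": "{G9}", "Image": "C:\\Program Files\\Browser\\browser.exe", "TargetFilename": "C:\\Users\\u\\AppData\\Local\\Temp\\cache.tmp"}
{"EventID": 1, "ProcessGuid": "{G2}", "Image": "C:\\Users\\u\\AppData\\Roaming\\updater.exe", "ParentImage": "C:\\Users\\u\\Downloads\\setup.exe"}
{"EventID": 13, "ProcessGuid": "{G2}", "Image": "C:\\Users\\u\\AppData\\Roaming\\updater.exe", "EventType": "SetValue", "TargetObject": "HKU\\S-1-5-21-1-2-3-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater", "Details": "C:\\Users\\u\\AppData\\Roaming\\updater.exe"}
{"EventID": 13, "ProcessGuid": "{G7}", "Image": "C:\\Windows\\System32\\msiexec.exe", "EventType": "SetValue", "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\App\\DisplayName", "Details": "App"}
"""


def parse_events(jsonl_text: str) -> list:
    """Parse JSON lines into dicts, skipping blank lines."""
    return [json.loads(line) for line in jsonl_text.splitlines() if line.strip()]


def analyze(events) -> list:
    """Replay events in order and emit findings.

    executes_dropped_exe: a .exe written by one process (EID 11) later
    appears as the Image of a new process (EID 1).
    adds_run_key: EID 13 sets a value under a Run/RunOnce key. The finding
    also records whether the value points at a file seen being dropped,
    which is the combination that ties the persistence to the payload.
    Paths are compared case-insensitively, as NTFS is."""
    dropped = {}  # lower-cased path -> image that wrote it
    findings = []
    for ev in events:
        eid = ev.get("EventID")
        if eid == 11 and ev.get("TargetFilename", "").lower().endswith(".exe"):
            dropped[ev["TargetFilename"].lower()] = ev.get("Image")
        elif eid == 1:
            image = ev.get("Image", "").lower()
            if image in dropped:
                findings.append({
                    "rule": "executes_dropped_exe",
                    "image": ev["Image"],
                    "dropped_by": dropped[image],
                    "process_guid": ev.get("ProcessGuid"),
                })
        elif eid == 13 and RUN_KEY_RE.search(ev.get("TargetObject", "")):
            details = ev.get("Details", "")
            findings.append({
                "rule": "adds_run_key",
                "image": ev.get("Image"),
                "key": ev["TargetObject"],
                "value": details,
                "points_to_dropped_file": any(p in details.lower() for p in dropped),
            })
    return findings


if __name__ == "__main__":
    for finding in analyze(parse_events(SAMPLE_SYSMON_JSONL)):
        print(finding)
```

On the constructed input this yields exactly the two signatures the report lists, in the order the sandbox would observe them: the dropped file is executed first, and the Run value it then writes is flagged as pointing back at that dropped file. A Run value that does not point at a dropped file is still reported, just without that corroboration, since legitimate installers also write Run keys.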

MITRE ATT&CK Enterprise v15

Tasks