General

  • Target

    0041b2bbc9ab753d10a43515b6ebdbcb0b6d793d6e2eb508815cb1a32019e20b

  • Size

    438KB

  • Sample

    241109-1cpqvssglp

  • MD5

    62c01c8eae45091f82ef676fa30bfe0f

  • SHA1

    38894ece32ba65e776632e39f4d9bdcc6d7c43fc

  • SHA256

    0041b2bbc9ab753d10a43515b6ebdbcb0b6d793d6e2eb508815cb1a32019e20b

  • SHA512

    66a5e97b71b11460c992065e84d10e88875802c0cfd9a7229aeded0a443ff140ae03a6de315bbac073f76baa3c985cb92be25a0edf2406298c880a4987da7223

  • SSDEEP

    6144:K8y+bnr+Dp0yN90QE/hreP7EklICpdFnUCdlAM9m2g3OrW0O9:wMrry90tu3IqDnUC78wW0O9

Malware Config

Extracted

  • Family

    redline

  • Botnet

    ronur

  • C2

    193.233.20.20:4134

  • Attributes

    auth_value: f88f86755a528d4b25f6f3628c460965

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks