General

  • Target

    c57da98e17ee17c4d6e35089c899ac5df6a6ecb68be7fa6074d445dc108c0149

  • Size

    440KB

  • Sample

    241109-1cvbcasfpd

  • MD5

    945aa3c8f40687ab3a9dad2d92122f7f

  • SHA1

    e6a2012f3324d0aa7a85aa10ecc3ca594a064264

  • SHA256

    c57da98e17ee17c4d6e35089c899ac5df6a6ecb68be7fa6074d445dc108c0149

  • SHA512

    8264e08aafc2cb135b81f66cc58530d4cc6d8cc0b3f6fd43f923fe4135483cad9461c70004e067c746f66187d6d9ca8e4ab3158c4cf525d075e9fece60c6866b

  • SSDEEP

    12288:GMrqy90dc/tcud3QUcmivkHBBKH7O4DL6L9Xr:syqclnivQQy4DeZr

Malware Config

Extracted

  • Family

    redline

  • Botnet

    ramon

  • C2

    193.233.20.23:4123

  • Attributes

    • auth_value

      3197576965d9513f115338c233015b40

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks