General

  • Target: 0198a626f4977b56d9c771e8404fbfd51518609fa4bb6743492e82de51d23cf3
  • Size: 441KB
  • Sample: 241109-1ktpsawjel
  • MD5: 813887abd461894bae362c19ab1987ef
  • SHA1: 753c175852c9db1fa34e231fd69cd46a3c831125
  • SHA256: 0198a626f4977b56d9c771e8404fbfd51518609fa4bb6743492e82de51d23cf3
  • SHA512: eb67df40354a6a391d00cd9550893d552cfd7459090c23d5520a7feb88237c98b24e9ea16369922c7e6f81dcd76ba6b32453a6d015b4bad62bb6d410c59fb5c3
  • SSDEEP: 12288:YMrIy90HJlj7LYxjzLvzGsl/F1HazKFW7:QykjLY5zLvCYTH0KF6

Malware Config

Extracted

  • Family: redline
  • Botnet: ramon
  • C2: 193.233.20.23:4123
  • Attributes
    • auth_value: 3197576965d9513f115338c233015b40

Targets

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Redline family
    • Executes dropped EXE
    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks