General

  • Target

    f43149b9dbfad4b9a1e31755b8c236b394d81368bcae51c6d2b38b31fac78c10

  • Size

    739KB

  • Sample

    241109-1nvq9atalp

  • MD5

    b0037f04b257108eb52a51814ed77399

  • SHA1

    221ab256dec4a65dc0591c0e47f0aaaa04387c93

  • SHA256

    f43149b9dbfad4b9a1e31755b8c236b394d81368bcae51c6d2b38b31fac78c10

  • SHA512

    908a283db8611d7d5628170e2377b77491ce967aee4eeaea7e46be208d036b75bb603bfd76ab15e323b3f4e2e1a9392a7f59ab28001bb47892d42902f8ade36d

  • SSDEEP

    12288:xMrry90Lxziv7YVPg5ZJaeHRoUWWsAAK1BGFj8NwDb99nB7yevi/2CDAPuJYwk+Q:Cy4div0Vo5ZPRoVu1MaNkf7ymi+CcGJg

Malware Config

Extracted

Family

redline

Botnet

ruma

C2

193.233.20.13:4136

Attributes
  • auth_value

    647d00dfaba082a4a30f383bca5d1a2a

Targets

    • Target

      f43149b9dbfad4b9a1e31755b8c236b394d81368bcae51c6d2b38b31fac78c10

    • Size

      739KB

    • MD5

      b0037f04b257108eb52a51814ed77399

    • SHA1

      221ab256dec4a65dc0591c0e47f0aaaa04387c93

    • SHA256

      f43149b9dbfad4b9a1e31755b8c236b394d81368bcae51c6d2b38b31fac78c10

    • SHA512

      908a283db8611d7d5628170e2377b77491ce967aee4eeaea7e46be208d036b75bb603bfd76ab15e323b3f4e2e1a9392a7f59ab28001bb47892d42902f8ade36d

    • SSDEEP

      12288:xMrry90Lxziv7YVPg5ZJaeHRoUWWsAAK1BGFj8NwDb99nB7yevi/2CDAPuJYwk+Q:Cy4div0Vo5ZPRoVu1MaNkf7ymi+CcGJg

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks