General

  • Target: 3258d09b389a155351b2be7fd8df904fd8df8cacfa795a664d8c6bf1fc367c5f
  • Size: 564KB
  • Sample: 241109-1r4hkatbkp
  • MD5: 3ae1e7f1a616f8defd87770cab45f522
  • SHA1: 83fe58f557d7830ca0f749828fc26095f2172243
  • SHA256: 3258d09b389a155351b2be7fd8df904fd8df8cacfa795a664d8c6bf1fc367c5f
  • SHA512: 4d4b4934e9135ed67e89fd862a8de92544af0f80a587a4c9c3251673949f2dd79c6d81bc53e311f536ab3e2a1892369f2ac2ba1849e106755a2be8c70c8d7969
  • SSDEEP: 12288:RMrXy90/Qnfyx0F5ZfNoqVQbHh08ZZ8Hieg06WssT:2yvc0F3ZAmEWCe/XdT

Malware Config

Extracted

  • Family: redline
  • Botnet: ronur
  • C2: 193.233.20.20:4134
  • Attributes
    • auth_value: f88f86755a528d4b25f6f3628c460965

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks