General

  • Target: f1ff3998c5da53813116a63cd9714777a29303f9a8b624311c6a3427568c1fc5
  • Size: 390KB
  • Sample: 241109-1rffqsslaw
  • MD5: 468704ecd1bfbc69460ce651eec8f533
  • SHA1: ba7d25cb1bf8127ff44208426c6896221afe0d9b
  • SHA256: f1ff3998c5da53813116a63cd9714777a29303f9a8b624311c6a3427568c1fc5
  • SHA512: 6cb340b3daaaf92ba626b58ed48402e699109b761b0fa1f1f19f29a693861cd7cc23b72105e1bb3cfab8c9302df4e6b6554b24b92154e7e6ad99380245153019
  • SSDEEP: 12288:b42ccDtTEnb8a87pmj89ccwt9tIAUYEMmOc:b4whInswj8Dw9PLc

Malware Config

Extracted

  • Family: redline
  • Botnet: ramon
  • C2: 193.233.20.23:4123
  • Attributes
      • auth_value: 3197576965d9513f115338c233015b40

Targets

    • Target: 933d8e7c40120f0c690249dbf2cab78013a482725323107d27f76f0880ce6864.exe
    • Size: 441KB
    • MD5: 9ed1d7d5c099a29df7c61efac990f993
    • SHA1: 6dcdf9afb1b8f11e646bd23ac7308e4c5c131529
    • SHA256: 933d8e7c40120f0c690249dbf2cab78013a482725323107d27f76f0880ce6864
    • SHA512: fae77539f3f5e82ca7d9f2038e9c6125f91279a585b8dd292d824d1f0ecd9e4c0e0cd0f94155b91ca7ea9a7f9ed29f63b2c833344af8cd503d0ed30fe7bd60bf
    • SSDEEP: 12288:5Mrzy90qrVyl1e5Qy5K6OMsSLo5fUAMvC6H:eyNxyG5QQD+SL2fJ8H
    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Redline family
    • Executes dropped EXE
    • Adds Run key to start application
