General

  • Target

    70c9e07576d0afc522ad7bf88c7b9839e045e76143453b6a94cbedc3bcbc5181

  • Size

    565KB

  • Sample

    241109-3amvlaxkfl

  • MD5

    af485ddf53e784f6ad343763402f4936

  • SHA1

    bd771976558f701c3b4299a80ba3813bf4c61d5c

  • SHA256

    70c9e07576d0afc522ad7bf88c7b9839e045e76143453b6a94cbedc3bcbc5181

  • SHA512

    28835b5116f81f2c69f2031e9b6d5f2bb5e82cceb4176741b21f098161cb938f3d98f5506b9f1b1b22a28d1a86fe0ccbcb77c8a993ba23a0436c7b5d613d8eec

  • SSDEEP

    12288:JMrny90225fVR1TXT6Snl4x9wJ2v/cb6Hi/DE0WhkYm2T:myFcV31l4x8O/46CI6n2T

Malware Config

Extracted

  • Family

    redline

  • Botnet

    ronur

  • C2

    193.233.20.20:4134

  • Attributes

    • auth_value

      f88f86755a528d4b25f6f3628c460965

Targets

    • Target

      70c9e07576d0afc522ad7bf88c7b9839e045e76143453b6a94cbedc3bcbc5181

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks