General

  • Target: 5afbadc05934f3ce37ba2a8e0f17cd9bf431430e3f3e502d30170dc2db1e5a64
  • Size: 688KB
  • Sample: 241109-3qc1bsvcnj
  • MD5: e9299359cae8cc0e1a1a5219d240cf88
  • SHA1: fbfd5495ff04017b0993b8f3e7d48dbb06a9dc5d
  • SHA256: 5afbadc05934f3ce37ba2a8e0f17cd9bf431430e3f3e502d30170dc2db1e5a64
  • SHA512: a4c4c2ea66a8d5ed0114c59d2773e09eb86b3a8e2beafeb9e38f46e9124c6a4ad5e5ea6f919435717cd96f3b00040c7850f740f9eb1234be865622ee72471b64
  • SSDEEP: 12288:qazLbKL4NqoxAfC7b+p88RKcuIrWRovMCAEuuF6XYH5s:q+LqoxZHTuKNMEC8p65s

Malware Config

Extracted

  • Family: redline
  • Botnet: ruma
  • C2: 193.233.20.13:4136
  • Attributes
    • auth_value: 647d00dfaba082a4a30f383bca5d1a2a

Targets

    • Target: f0fb5e4f2519743894d24989e741f3d720831465de18c8620e638a9c82fe1130.exe
    • Size: 739KB
    • MD5: 067cc0612830accc4eca2b65d5be8f9f
    • SHA1: 90bbde0f75eb572b196e5959e6aed0f07e4a4ad0
    • SHA256: f0fb5e4f2519743894d24989e741f3d720831465de18c8620e638a9c82fe1130
    • SHA512: 64a90c784321ee343fae04615ce6b3f4e9c15a3b95547eba24ca6e34a30df4a76c3a37e006cc8f3e374055b101b35aea4a9f819ce6547a37d7a606c7ce25755f
    • SSDEEP: 12288:XMr9y90Nvg6eKwXdc/1NvlKv/inI1fVxlRwR8TMlXoyXjYwQbcGAEIBYTT3LEox7:qywg6Bwq/1NvlK/h9HrOXoyXXw1IBYfv

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application
