General

  • Target

    be39480e8f78cc38960853590e7873e15501ff0aaa0d831b143173a63e583a37

  • Size

    583KB

  • Sample

    241109-m39l3aslds

  • MD5

    0d7910815498fe885c669c0729f2c212

  • SHA1

    f3d347d49671d01382ca1a8e3959c0c021d3478a

  • SHA256

    be39480e8f78cc38960853590e7873e15501ff0aaa0d831b143173a63e583a37

  • SHA512

    05111f0f4dc39a5dfaa3c824dfa5d2a479e903e53929d7044dc3b19c50855d0fa06f8a010f80a329943eaacddf440d5ff3e3ba402ea538f038e7ecf6cce0269b

  • SSDEEP

    12288:IMrxy90NUGBgl0zcN16ItRuKPWpDdmwmwYy0u70Goyr6TMgG53SX:ZycBg1r6IbTutdJYyh70Go8d53SX

Malware Config

Extracted

  • Family

    redline

  • Botnet

    ronur

  • C2

    193.233.20.20:4134

  • Attributes

      • auth_value

        f88f86755a528d4b25f6f3628c460965

Targets

    • Target

      be39480e8f78cc38960853590e7873e15501ff0aaa0d831b143173a63e583a37

    • Size

      583KB

    • MD5

      0d7910815498fe885c669c0729f2c212

    • SHA1

      f3d347d49671d01382ca1a8e3959c0c021d3478a

    • SHA256

      be39480e8f78cc38960853590e7873e15501ff0aaa0d831b143173a63e583a37

    • SHA512

      05111f0f4dc39a5dfaa3c824dfa5d2a479e903e53929d7044dc3b19c50855d0fa06f8a010f80a329943eaacddf440d5ff3e3ba402ea538f038e7ecf6cce0269b

    • SSDEEP

      12288:IMrxy90NUGBgl0zcN16ItRuKPWpDdmwmwYy0u70Goyr6TMgG53SX:ZycBg1r6IbTutdJYyh70Go8d53SX

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks