General

  • Target: 9fe5aa3009fc9988e73285365c7251f1c1e8c7b9c044bcf0c480c4c9a25dc6a5
  • Size: 440KB
  • Sample: 241109-m63mxswlfp
  • MD5: 0ac224ce4d54d0dec2c1e2ad824ce852
  • SHA1: 72f2c51fe5cc43acb9a28432d9c4a8350dfc017f
  • SHA256: 9fe5aa3009fc9988e73285365c7251f1c1e8c7b9c044bcf0c480c4c9a25dc6a5
  • SHA512: 45ad3675acf61d292501b2d3a350c3ef773c9464aeed89cf1b7aa335ac980b5c54d0579267e80dfdb42f8c89d66a72a2c512f8b40c484708830c2fd41da9732b
  • SSDEEP: 6144:K2y+bnr+wp0yN90QESETKwHHhtW5OSD7N75zZwKWFaBKmMDgGTgYzlH1/w:OMrsy90aQBtgHjNW9gw1zlHZw

Malware Config

Extracted

  • Family: redline
  • Botnet: ramon
  • C2: 193.233.20.23:4123
  • Attributes
    • auth_value: 3197576965d9513f115338c233015b40

Targets


    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Redline family
    • Executes dropped EXE
    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks