General

  • Target

    5c64d763c7f4f23377fd63425bdee73c95d23c585a22ec6f77825def3bd43608

  • Size

    585KB

  • Sample

    241109-m9wzjssmdw

  • MD5

    559d2676b5d2bcd3feaa9513ce6bcaee

  • SHA1

    57b13731be11a21dfe3694f3fe405bd7177eb8c9

  • SHA256

    5c64d763c7f4f23377fd63425bdee73c95d23c585a22ec6f77825def3bd43608

  • SHA512

    42328a9e34f1767e4c0c2ee1d3024284cd05ea445dfcff625ed7d2a9c5a141db7b88b84f82fb3e17b5d3a692e4e2ec84fa4d760518c0f0b32bb7edb2f828f6da

  • SSDEEP

    12288:BMryy90rgZ/Wr3GWYX3E4p316TMExTOqbTa3IhS:Ly6Qc3GNX3EsAxTOqqZ

Malware Config

Extracted

Family

redline

Botnet

ronur

C2

193.233.20.20:4134

Attributes
  • auth_value

    f88f86755a528d4b25f6f3628c460965

Targets

    • Target

      5c64d763c7f4f23377fd63425bdee73c95d23c585a22ec6f77825def3bd43608

    • Size

      585KB

    • MD5

      559d2676b5d2bcd3feaa9513ce6bcaee

    • SHA1

      57b13731be11a21dfe3694f3fe405bd7177eb8c9

    • SHA256

      5c64d763c7f4f23377fd63425bdee73c95d23c585a22ec6f77825def3bd43608

    • SHA512

      42328a9e34f1767e4c0c2ee1d3024284cd05ea445dfcff625ed7d2a9c5a141db7b88b84f82fb3e17b5d3a692e4e2ec84fa4d760518c0f0b32bb7edb2f828f6da

    • SSDEEP

      12288:BMryy90rgZ/Wr3GWYX3E4p316TMExTOqbTa3IhS:Ly6Qc3GNX3EsAxTOqqZ

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application
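The config and behaviour signatures above give a defender three concrete things to hunt for: traffic to the extracted C2 (193.233.20.20:4134), files matching the listed hashes, and a Run-key persistence entry. The script below is an added example, not part of the sandbox report or of RedLine itself; the C2 address and hashes are taken from the report, while the conn.log lines and the registry dump are constructed for illustration and do not come from this run.

```python
"""IOC checks built from the extracted RedLine config in the report above.
Added example: the log and registry samples are constructed, not sandbox output."""
import hashlib
import re

# Indicators copied from the report.
C2_HOST = "193.233.20.20"
C2_PORT = 4134
KNOWN_HASHES = {
    "md5": "559d2676b5d2bcd3feaa9513ce6bcaee",
    "sha1": "57b13731be11a21dfe3694f3fe405bd7177eb8c9",
    "sha256": "5c64d763c7f4f23377fd63425bdee73c95d23c585a22ec6f77825def3bd43608",
}

# Constructed Zeek-style conn.log lines: ts, uid, orig_h, orig_p, resp_h, resp_p, proto.
SAMPLE_CONN_LOG = """\
1731170000.101\tCk1a\t10.0.0.5\t49812\t193.233.20.20\t4134\ttcp
1731170001.220\tCk1b\t10.0.0.5\t49813\t142.250.74.78\t443\ttcp
1731170002.330\tCk1c\t10.0.0.7\t51000\t193.233.20.20\t80\ttcp
1731170003.440\tCk1d\t10.0.0.9\t51001\t193.233.20.20\t4134\ttcp
"""


def find_c2_connections(log_text, host=C2_HOST, port=C2_PORT):
    """Return (uid, src, dst:port, kind) for flows to the configured C2 host.

    kind is 'c2_exact' for host:port hits and 'c2_host_only' when the same host
    is reached on another port; the latter still merits review because the
    port in a stealer config is a single snapshot and operators rotate them.
    """
    hits = []
    for line in log_text.splitlines():
        fields = line.split("\t")
        if len(fields) < 7:
            continue  # skip headers or truncated lines
        _, uid, src, _, dst, dport, _ = fields[:7]
        if dst == host:
            kind = "c2_exact" if int(dport) == port else "c2_host_only"
            hits.append((uid, src, f"{dst}:{dport}", kind))
    return hits


def hash_match(data: bytes):
    """Hash a candidate file and report which of the report's hashes it matches."""
    digests = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }
    return {alg: digests[alg] == KNOWN_HASHES[alg] for alg in KNOWN_HASHES}


# Constructed 'reg query'-style dump of the HKCU Run key; value names and paths are invented.
SAMPLE_RUN_KEY = """\
HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
    OneDrive    REG_SZ    "C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe" /background
    Updater     REG_SZ    C:\\Users\\victim\\AppData\\Local\\Temp\\svchost.exe
    Discord     REG_SZ    C:\\Users\\victim\\AppData\\Local\\Discord\\Update.exe --processStart Discord.exe
"""

# User-writable staging directories a dropped EXE typically runs from.
SUSPICIOUS_DIRS = re.compile(
    r"\\(Temp|AppData\\Roaming|AppData\\Local\\Temp|Downloads|Public)\\", re.I
)


def suspicious_run_entries(reg_text):
    """Return (value_name, command) for Run entries launching from staging dirs."""
    flagged = []
    for line in reg_text.splitlines():
        if "REG_SZ" not in line:
            continue  # key header or unrelated value type
        name, _, command = line.strip().partition("REG_SZ")
        name, command = name.strip(), command.strip()
        if SUSPICIOUS_DIRS.search(command):
            flagged.append((name, command))
    return flagged


if __name__ == "__main__":
    for hit in find_c2_connections(SAMPLE_CONN_LOG):
        print("C2 flow:", hit)
    for entry in suspicious_run_entries(SAMPLE_RUN_KEY):
        print("Run-key persistence:", entry)
    print("hash match on placeholder bytes:", hash_match(b"placeholder"))
```

`hash_match` will not match on arbitrary bytes; point it at a recovered file to confirm identity before relying on the behaviour tags above. The Run-key check deliberately ignores entries under Program Files, so a dropped EXE copied into a legitimate install directory needs a hash or signature check rather than a path heuristic.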

MITRE ATT&CK Enterprise v15

Tasks