General

  • Target

    31cbf2c21cb7b7d3f5df1d011da7b335cd6cf9b778846e54a16ceb76f1be542a

  • Size

    431KB

  • Sample

    241109-ma3ytaserk

  • MD5

    198d336f53e89124c263071a2653c80b

  • SHA1

    adcea9c0a0a39994367191d60c32e1e86a3d4203

  • SHA256

    31cbf2c21cb7b7d3f5df1d011da7b335cd6cf9b778846e54a16ceb76f1be542a

  • SHA512

    9ffa0bbfdf8ebfe77e917e7cd8fc676ea6784e84bbe18db709d7c55526cb69673b21c43abdb4e2cdc216e07190950c928cf089c5a55e2457ed9246656c525394

  • SSDEEP

    6144:Kqy+bnr+dp0yN90QEXooBH8o9+vzM8Fc5Nx61gyyQ2RolKBKODe34++rs:GMrty90mvn1gyyQWqUKA++I

Malware Config

Extracted

Family

redline

Botnet

ramon

C2

193.233.20.23:4123

Attributes

  • auth_value

    3197576965d9513f115338c233015b40

Targets

    • Target

      31cbf2c21cb7b7d3f5df1d011da7b335cd6cf9b778846e54a16ceb76f1be542a

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks