General

  • Target

    9db72dc869198a3055ded469d8d23e27bd36b8d508d05729f6ea02e8c10fb0d4

  • Size

    443KB

  • Sample

    241109-mkad9asgmb

  • MD5

    341a70cdbe228f28f73fe1cfdc27562b

  • SHA1

    fee41fcc25e5c56fba64891edb5eb81bf509e60b

  • SHA256

    9db72dc869198a3055ded469d8d23e27bd36b8d508d05729f6ea02e8c10fb0d4

  • SHA512

    ea1b474bd961ba9ef6ef3cc46e82bb20b0101abe9f7fee1a8bb1c24cffe4bd98d58e6ca73d88c87c7e236b0f2a993609c05dd56a624855a30665a8a2e0ec9e62

  • SSDEEP

    12288:jMrVy90bfQcBrtlTzsTJ3ktlpGsuAiOfij165b:GySJrtRzsTyl0OI8

Malware Config

Extracted

Family

redline

Botnet

ramon

C2

193.233.20.23:4123

Attributes

  • auth_value

    3197576965d9513f115338c233015b40

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15