General

  • Target

    b35ab225042c1fde5c4b4a1b02e3777cd95721cc9ee97a31c6fd088807db1abd

  • Size

    429KB

  • Sample

    241109-x4bfrszkh1

  • MD5

    b60c89da78422dff713b324212f2913b

  • SHA1

    af489d8df8df24f382573f8099595c9b419a8a86

  • SHA256

    b35ab225042c1fde5c4b4a1b02e3777cd95721cc9ee97a31c6fd088807db1abd

  • SHA512

    e8c650931ffacf0dda92eeecc921a19fed43d752168ff72a1a93d6aeda2ce0c9c3f38de665885471c74b81ed81d7972062ded81c883ca03b4509bc49adf981d3

  • SSDEEP

    6144:K6y+bnr+up0yN90QE5hZYwU21MEImBW5ZMUT/RIamEBeI2puLOVDta2MYfk:yMriy90pZS2iEImKT/kEBe+LOVxa/f

Malware Config

Extracted

Family

redline

Botnet

ronur

C2

193.233.20.20:4134

Attributes
  • auth_value

    f88f86755a528d4b25f6f3628c460965
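The hashes in the General section and the extracted C2 above are the indicators a responder would actually pivot on. The following is an added example (not part of the sandbox report) that turns them into checks: a one-pass multi-digest hash of a candidate file compared against the listed values, a sweep of connection logs for traffic to 193.233.20.20 (flagging port 4134 as an exact hit and any other port on that host as a weaker hit), and a Suricata rule for the C2 endpoint. The connection-log lines are constructed for the example; the sid is a local-range placeholder.

```python
import hashlib

# Indicators copied from the sandbox report above (sample hashes and the
# extracted RedLine C2 / botnet ID). Everything else here is an added example.
SAMPLE_HASHES = {
    "md5": "b60c89da78422dff713b324212f2913b",
    "sha1": "af489d8df8df24f382573f8099595c9b419a8a86",
    "sha256": "b35ab225042c1fde5c4b4a1b02e3777cd95721cc9ee97a31c6fd088807db1abd",
    "sha512": "e8c650931ffacf0dda92eeecc921a19fed43d752168ff72a1a93d6aeda2ce0c9c3f38de665885471c74b81ed81d7972062ded81c883ca03b4509bc49adf981d3",
}
REDLINE_C2 = ("193.233.20.20", 4134)
BOTNET_ID = "ronur"

# Constructed connection-log excerpt (not real traffic): ts src sport dst dport proto
SAMPLE_CONN_LOG = """\
2024-11-09T14:02:11Z 10.0.4.17 51822 193.233.20.20 4134 tcp
2024-11-09T14:02:15Z 10.0.4.17 51823 142.250.74.46 443 tcp
2024-11-09T14:05:40Z 10.0.9.3 49210 193.233.20.20 4134 tcp
2024-11-09T14:06:01Z 10.0.9.3 49211 193.233.20.20 80 tcp
"""


def hash_file(path, chunk_size=1 << 20):
    """Return md5/sha1/sha256/sha512 of a file, computed in a single read pass."""
    hashers = {name: hashlib.new(name) for name in SAMPLE_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matches_sample(digests, expected=SAMPLE_HASHES):
    """True when every algorithm present in both dicts agrees (case-insensitive).
    One mismatching digest is enough to reject; no common algorithm is not a match."""
    common = set(digests) & set(expected)
    return bool(common) and all(digests[k].lower() == expected[k].lower() for k in common)


def find_c2_connections(log_text, c2=REDLINE_C2):
    """Flag every connection to the C2 host. IP:port matches are 'exact'; other
    ports on the same host are still reported, since operators move listeners."""
    ip, port = c2
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # blank or malformed line: skip rather than crash mid-sweep
        ts, src, _sport, dst, dport, proto = fields
        if dst == ip:
            hits.append({"ts": ts, "src": src, "dst_port": int(dport),
                         "proto": proto, "exact": int(dport) == port})
    return hits


def suricata_rule(c2=REDLINE_C2, sid=1000001):
    """Minimal Suricata rule for outbound traffic to the C2 endpoint."""
    ip, port = c2
    return (f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"RedLine C2 {ip}:{port} botnet {BOTNET_ID}"; flow:to_server,established; '
            f'classtype:trojan-activity; sid:{sid}; rev:1;)')


if __name__ == "__main__":
    for hit in find_c2_connections(SAMPLE_CONN_LOG):
        label = "C2" if hit["exact"] else "C2 host, other port"
        print(f'{label}: {hit["src"]} -> {hit["dst_port"]}/{hit["proto"]} at {hit["ts"]}')
    print(suricata_rule())
```

On the constructed log this reports two exact hits and one same-host hit on port 80; the port-80 connection is kept deliberately, because a plain IP:port block would miss a redeployed listener on the same host.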

Targets

    • Target

      b35ab225042c1fde5c4b4a1b02e3777cd95721cc9ee97a31c6fd088807db1abd

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks