General

  • Target

    972100c23a5a0b1fc65e114f2809b70e611ffbd450fd7d3455da6f4dc525b660

  • Size

    437KB

  • Sample

    241109-xt4pkazjd1

  • MD5

    f20abdc76bdfae2031682b2bc0bf5f67

  • SHA1

    2526b2e3c15de16a42415a2393454e2132156a76

  • SHA256

    972100c23a5a0b1fc65e114f2809b70e611ffbd450fd7d3455da6f4dc525b660

  • SHA512

    22becae0634d4fa958723b271da64c84bb4e5be99200998322cf33e97d8da319046172c2d161acca21754aa9d12cede7748c608ff3e85ea2ffed3a6bb5f30bf6

  • SSDEEP

    6144:K1y+bnr+fp0yN90QEX4HW7uwpcqItfoaeKyimC9tPlSljhaqDQ7DTKSIhLlwhHcL:3MrDy90Fujqk9yVNeqDECSM+I

Malware Config

Extracted

  • Family

    redline

  • Botnet

    ronur

  • C2

    193.233.20.20:4134

  • Attributes

    auth_value: f88f86755a528d4b25f6f3628c460965

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application
