General

  • Target

    653476dd6689f2f83044da03ac86e2815a72fc612dc1a938525ba0f3cb9d2f35

  • Size

    424KB

  • Sample

    241109-y5r1ks1jas

  • MD5

    9e26bd3286cec099688156631bc48928

  • SHA1

    41c4f316a784aa96272b9d242bdcab6ed626d8b3

  • SHA256

    653476dd6689f2f83044da03ac86e2815a72fc612dc1a938525ba0f3cb9d2f35

  • SHA512

    a0a85ff1f49c1571531750233dc58fe545ecf054ce56f0360f67ac293dc115f7a5d341400a8889a2b118e84aacc4109ebe50c4759ba95eb844e25a2e63682f06

  • SSDEEP

    6144:Kiy+bnr+6p0yN90QEXaZK+Ql1+bXhpZ+CMr8zly1Trhj6Ff2I+fhtY5Qyzb5Nv7:GMr6y90J0iGhprMwzly5V8YAzzFNv7

Malware Config

Extracted

Family

redline

Botnet

ronur

C2

193.233.20.20:4134

Attributes
  • auth_value

    f88f86755a528d4b25f6f3628c460965

Targets

    • Target

      653476dd6689f2f83044da03ac86e2815a72fc612dc1a938525ba0f3cb9d2f35

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application
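The extracted config (C2 193.233.20.20:4134) and the two behavioural signatures above (dropped EXE execution, Run key persistence) are what a defender actually hunts with. The script below is an added example, not part of the sandbox report: it takes the report's own hash and C2 indicators, runs them over a handful of constructed telemetry events (the event layout and field names are an assumption for illustration, not a real product's schema), flags Run-key writes, and then correlates hosts that show more than one indicator so a single noisy match does not drive the response on its own.

```python
"""Hunt for this report's RedLine indicators over constructed telemetry.

Added example, not code from the sandbox report. Indicator values are copied
from the report; EVENTS and its field names are constructed for illustration.
"""
import hashlib
import re

# Indicators copied from the report's General and Malware Config sections.
SAMPLE_SHA256 = "653476dd6689f2f83044da03ac86e2815a72fc612dc1a938525ba0f3cb9d2f35"
SAMPLE_MD5 = "9e26bd3286cec099688156631bc48928"
C2_IP, C2_PORT = "193.233.20.20", 4134

# Run / RunOnce under HKLM or HKU, with or without the Wow6432Node redirect.
RUN_KEY_RE = re.compile(
    r"\\Software\\(?:Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\",
    re.IGNORECASE,
)

# Constructed events (assumed schema: one dict per event, 'type' selects the fields).
EVENTS = [
    {"type": "netconn", "host": "ws-17", "dst_ip": "193.233.20.20", "dst_port": 4134,
     "image": "C:\\Users\\u\\AppData\\Local\\Temp\\build.exe"},
    # Same port, different IP: must NOT match (port alone is too weak to alert on).
    {"type": "netconn", "host": "ws-17", "dst_ip": "193.233.20.21", "dst_port": 4134,
     "image": "C:\\Windows\\System32\\svchost.exe"},
    # Hash reported in upper case by the constructed sensor; comparison is case-folded.
    {"type": "file", "host": "ws-17", "path": "C:\\Users\\u\\Downloads\\setup.exe",
     "sha256": SAMPLE_SHA256.upper()},
    {"type": "registry", "host": "ws-17",
     "key": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
     "value": "C:\\Users\\u\\AppData\\Local\\Temp\\build.exe"},
    # Registry write outside Run/RunOnce: must NOT match.
    {"type": "registry", "host": "ws-22",
     "key": "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Foo",
     "value": "x"},
]


def hunt(events):
    """Return one hit dict per event that matches an indicator from the report."""
    hits = []
    for ev in events:
        category = reason = None
        if ev["type"] == "netconn":
            # Match the full socket; the IP alone would merit a lower-confidence alert.
            if ev["dst_ip"] == C2_IP and int(ev["dst_port"]) == C2_PORT:
                category, reason = "c2", f"connection to RedLine C2 {C2_IP}:{C2_PORT} by {ev['image']}"
        elif ev["type"] == "file":
            if (ev.get("sha256", "").lower() == SAMPLE_SHA256
                    or ev.get("md5", "").lower() == SAMPLE_MD5):
                category, reason = "hash", f"file hash matches sample: {ev['path']}"
        elif ev["type"] == "registry":
            if RUN_KEY_RE.search(ev["key"]):
                category, reason = "persistence", f"Run key persistence -> {ev['value']}"
        if category:
            hits.append({"host": ev["host"], "category": category, "reason": reason, "event": ev})
    return hits


def hosts_with_multiple_indicators(hits):
    """Hosts showing at least two distinct indicator categories (C2, hash, persistence)."""
    by_host = {}
    for h in hits:
        by_host.setdefault(h["host"], set()).add(h["category"])
    return {host for host, cats in by_host.items() if len(cats) >= 2}


def file_matches_report(data: bytes) -> bool:
    """True if the given file contents hash to the report's SHA256 or MD5."""
    return (hashlib.sha256(data).hexdigest() == SAMPLE_SHA256
            or hashlib.md5(data).hexdigest() == SAMPLE_MD5)


if __name__ == "__main__":
    found = hunt(EVENTS)
    for h in found:
        print(f"{h['host']}: [{h['category']}] {h['reason']}")
    print("hosts with corroborating indicators:", sorted(hosts_with_multiple_indicators(found)))
```

The Run-key match fires on any write under Run/RunOnce, so on its own it is a low-confidence signal on a busy fleet; the correlation step is what turns it into something worth paging on, and the constructed ws-22 event shows a registry write that correctly stays silent.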

MITRE ATT&CK Enterprise v15

Tasks