General

  • Target

    d55d969b12ded7ed6185dc1c6e25ec34ea0486a7469c071164289cf38edd8182

  • Size

    584KB

  • Sample

    241109-yjsd8a1cpa

  • MD5

    301a956c29bbf9b736e8dba344060a74

  • SHA1

    240407f7ce5feb581e9e43867dae13954277556f

  • SHA256

    d55d969b12ded7ed6185dc1c6e25ec34ea0486a7469c071164289cf38edd8182

  • SHA512

    fcb66a00baa482027bca287b193cdde45e0b2ad8742cc97b73820b6e619038595a82b54966fcccb598171dfbe3ebb1da4df9e3ba7ff72c132e2c08ac0f180879

  • SSDEEP

    12288:MMrmy90lgoPPkIOlhObmcSxkLw4o3hIPNGP1MRjT:Sy2cIOCbpRo3MNGdMR

Malware Config

Extracted

  • Family

    redline

  • Botnet

    ronam

  • C2

    193.233.20.17:4139

  • Attributes

      • auth_value

        125421d19d14dd7fd211bc7f6d4aea6c

Targets

    • Target

      d55d969b12ded7ed6185dc1c6e25ec34ea0486a7469c071164289cf38edd8182

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15