General

  • Target

    e083ff24e50534beaa8ecc5c15c3216d00d1f8930a2b4947c82e4f7febfc28a3

  • Size

    429KB

  • Sample

    241109-yk6y1a1cmn

  • MD5

    c26f72511ef097b796acd51a786b39b0

  • SHA1

    df713cbc62c32f139ba8ae2befafe4e53e21a5f4

  • SHA256

    e083ff24e50534beaa8ecc5c15c3216d00d1f8930a2b4947c82e4f7febfc28a3

  • SHA512

    78ab3503eb0698485804377177a15be0b17365e89fa18eb46173afee831bc9de22e32f9d7a9015c3af0c03fada3fbfef0870f41eef685e8edfb709ab9e486ac6

  • SSDEEP

    6144:Kly+bnr+2p0yN90QErhZYwU21MEImBW5ZMUT/RIamEBeI2puLOPZxsn0cuthEl:fMray90/ZS2iEImKT/kEBe+LOvNtK

Malware Config

Extracted

Family

redline

Botnet

ronur

C2

193.233.20.20:4134

Attributes
  • auth_value

    f88f86755a528d4b25f6f3628c460965

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks