General

  • Target

    e5a898c269aa283ca34a3c83b00e8e6566fd45a9966d930f3bb5d933ebb2c867

  • Size

    739KB

  • Sample

    241109-yt9fgs1drq

  • MD5

    b75eb3e10ed0ddb4572bc8224fc7cf51

  • SHA1

    7ddde05fec0185650737b4bb79cc99436d6d7682

  • SHA256

    e5a898c269aa283ca34a3c83b00e8e6566fd45a9966d930f3bb5d933ebb2c867

  • SHA512

    f45bb9dae121af24bf4f1004902bc6d81490ddad96c49a6d5e9f78f699ca961a1bc5e4134bf0106eb43b0dec6beba24e096db03705dd4e7e73d0f15253d783ee

  • SSDEEP

    12288:uMr7y90G8+aBxjurXISEJ1/1s/CYLwy2PBDgy7FJnPzdsCnMuhHq+Kc7/wqS/YoH:ly7MBxjl931s/CYuDgy7jpMut7nTk

Malware Config

Extracted

Family

redline

Botnet

ruma

C2

193.233.20.13:4136

Attributes

  • auth_value

    647d00dfaba082a4a30f383bca5d1a2a

Targets

    • Target

      e5a898c269aa283ca34a3c83b00e8e6566fd45a9966d930f3bb5d933ebb2c867

    • Size

      739KB

    • MD5

      b75eb3e10ed0ddb4572bc8224fc7cf51

    • SHA1

      7ddde05fec0185650737b4bb79cc99436d6d7682

    • SHA256

      e5a898c269aa283ca34a3c83b00e8e6566fd45a9966d930f3bb5d933ebb2c867

    • SHA512

      f45bb9dae121af24bf4f1004902bc6d81490ddad96c49a6d5e9f78f699ca961a1bc5e4134bf0106eb43b0dec6beba24e096db03705dd4e7e73d0f15253d783ee

    • SSDEEP

      12288:uMr7y90G8+aBxjurXISEJ1/1s/CYLwy2PBDgy7FJnPzdsCnMuhHq+Kc7/wqS/YoH:ly7MBxjl931s/CYuDgy7jpMut7nTk

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application
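
The extracted config (C2 at 193.233.20.13:4136) and the two behaviour signatures listed for the sample (execution of a dropped EXE, a Run key added for persistence) can be turned into host-side detection logic. What follows is an added Python example, not part of the sandbox report and not code from the RedLine family; the Sysmon-style event records, their field names, the process IDs and the file paths are constructed for illustration, and only the C2 host and port come from the page.

```python
"""Detection logic for the three behaviours this report attributes to the sample.

Added example: the events below are constructed Sysmon-style records (field
names and paths are assumptions, not real telemetry); only the C2 address and
port come from the extracted config on the page.
"""

# From the extracted RedLine config on the page.
C2_HOST = "193.233.20.13"
C2_PORT = 4136

# Any registry path containing this fragment is an autostart Run/RunOnce value,
# whichever hive it sits under (HKCU, HKLM, HKU\<SID>).
RUN_KEY_MARKER = r"\software\microsoft\windows\currentversion\run"

DROPPED = r"C:\Users\u\AppData\Roaming\svc\update.exe"  # constructed path

# Constructed events using Sysmon event numbering:
# 1 = process create, 3 = network connect, 11 = file create, 13 = registry value set.
SAMPLE_EVENTS = [
    {"id": 11, "pid": 4120, "image": r"C:\Users\u\AppData\Local\Temp\stage.exe",
     "target": DROPPED},
    {"id": 1, "pid": 5208, "ppid": 4120, "image": DROPPED},
    {"id": 13, "pid": 5208, "image": DROPPED,
     "target": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\svc",
     "details": DROPPED},
    {"id": 3, "pid": 5208, "image": DROPPED, "dst_ip": C2_HOST, "dst_port": C2_PORT},
    # Benign noise: a service talking HTTPS to a documentation-range address,
    # and a service Start value change that is not an autostart Run key.
    {"id": 3, "pid": 900, "image": r"C:\Windows\System32\svchost.exe",
     "dst_ip": "203.0.113.10", "dst_port": 443},
    {"id": 13, "pid": 900, "image": r"C:\Windows\System32\svchost.exe",
     "target": r"HKLM\SYSTEM\CurrentControlSet\Services\BITS\Start", "details": "3"},
]


def detect(events):
    """Run the three rules over an ordered event stream.

    Returns a list of (rule, pid, detail) tuples in the order they fired.
    """
    hits = []
    dropped = {}  # lower-cased path -> pid of the process that wrote it
    for ev in events:
        if ev["id"] == 11:
            dropped[ev["target"].lower()] = ev["pid"]
        elif ev["id"] == 1:
            # "Executes dropped EXE": the new process image was written earlier
            # in this stream by some other process.
            writer = dropped.get(ev["image"].lower())
            if writer is not None:
                hits.append(("executes_dropped_exe", ev["pid"], f"written by pid {writer}"))
        elif ev["id"] == 13:
            # "Adds Run key to start application".
            if RUN_KEY_MARKER in ev["target"].lower():
                hits.append(("run_key_persistence", ev["pid"], ev["target"]))
        elif ev["id"] == 3:
            # Outbound connection to the C2 taken from the extracted config.
            if ev["dst_ip"] == C2_HOST and ev["dst_port"] == C2_PORT:
                hits.append(("redline_c2_connection", ev["pid"], f"{C2_HOST}:{C2_PORT}"))
    return hits


def score_processes(hits):
    """Group hits by pid; flag processes that trip two or more distinct rules."""
    per_pid = {}
    for rule, pid, _detail in hits:
        per_pid.setdefault(pid, set()).add(rule)
    return {pid: sorted(rules) for pid, rules in per_pid.items() if len(rules) >= 2}


if __name__ == "__main__":
    found = detect(SAMPLE_EVENTS)
    for rule, pid, detail in found:
        print(f"{rule:24} pid={pid} {detail}")
    print("flagged:", score_processes(found))
```

Of the three rules, the C2 match is the most specific to this sample but also the most perishable, since the IP and port rotate with the operator's infrastructure; the Run-key and dropped-EXE rules are durable but generic and will fire on many families and on some installers. That is why score_processes only flags a process once two distinct rules hit on it: a single Run-key write is a lead, not an alert.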

MITRE ATT&CK Enterprise v15

Tasks