General

  • Target

    0979d7997b9026ef9ed87960775fb56db446e6d1ae2d720033e88f39abcbae4f

  • Size

    592KB

  • Sample

    241109-yv5hxs1ekn

  • MD5

    4afa146eaeef54fa7c5f202587ec6f7c

  • SHA1

    51f63d09acbd1253f7812efd6513aada2edc549b

  • SHA256

    0979d7997b9026ef9ed87960775fb56db446e6d1ae2d720033e88f39abcbae4f

  • SHA512

    1018b8e31509d94696eec8642f43027208cc11d087fce3cdc886de41074c5baf6f4a29619b31088fd2988682805773bf2f3dce1cdc973e80e848ea8edc77e815

  • SSDEEP

    12288:/Mr0y90aIWUdgBIVK4BtSDb1YSUooJJlJFlxtCGSQ/QRdoIuwWo:LyVIXnVzSDpsooJJlNxtCGrGhuto

Malware Config

Extracted

Family

redline

Botnet

ronam

C2

193.233.20.17:4139

Attributes
  • auth_value

    125421d19d14dd7fd211bc7f6d4aea6c

Targets

    • Target

      0979d7997b9026ef9ed87960775fb56db446e6d1ae2d720033e88f39abcbae4f

    • Size

      592KB

    • MD5

      4afa146eaeef54fa7c5f202587ec6f7c

    • SHA1

      51f63d09acbd1253f7812efd6513aada2edc549b

    • SHA256

      0979d7997b9026ef9ed87960775fb56db446e6d1ae2d720033e88f39abcbae4f

    • SHA512

      1018b8e31509d94696eec8642f43027208cc11d087fce3cdc886de41074c5baf6f4a29619b31088fd2988682805773bf2f3dce1cdc973e80e848ea8edc77e815

    • SSDEEP

      12288:/Mr0y90aIWUdgBIVK4BtSDb1YSUooJJlJFlxtCGSQ/QRdoIuwWo:LyVIXnVzSDpsooJJlNxtCGrGhuto

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks