General

  • Target

    0c7c7f1cc618815f800bdc3d761266d596cee694841d42d8fbdfa72bf7e8a988N

  • Size

    441KB

  • Sample

    241109-z553wa1qc1

  • MD5

    ba91fb8be1b82abf788fbd717a53de90

  • SHA1

    e242bca1b798d35fec3f4b67925b629762f9c127

  • SHA256

    0c7c7f1cc618815f800bdc3d761266d596cee694841d42d8fbdfa72bf7e8a988

  • SHA512

    eb269e953cb95dc5059d11f7110330ea9258f487a926f24cb2cc4fccd8cf5a893822847c736d351b7a6852a2866236173638b45b8361bcc8e9da8ea518360fc2

  • SSDEEP

    6144:Kcy+bnr+Np0yN90QEMSQiX1gw6SXi3Nh2cKMWBSJwl/7MF6bgIGn10aqJ6F3zFdZ:UMr1y90l/B6qi31j4ew1A8S+w9LZ

Malware Config

Extracted

Family

redline

Botnet

ramon

C2

193.233.20.23:4123

Attributes

  • auth_value

    3197576965d9513f115338c233015b40

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application
