General

  • Target

    5381d67261df3ec016581fe7002c71aa75ba9a8b6e549587a7d556538d9b0ed3N.exe

  • Size

    539KB

  • Sample

    241110-3nxa7axjdz

  • MD5

    58c157e85d4133194d15a59df776e5e5

  • SHA1

    468a407609c018fd41cd5f908ee72d61d41dcb31

  • SHA256

    5160818fd9a7356b4d02471a4dc2511a7741e82d8fb49936bbae45b71b1b8279

  • SHA512

    5793666e862a21e362944b7049ab93495340c5603cb6c812da5c1341231205718af597d2b802346fb7ff91dfc11f88e1dea8b0f338930577d2ab3adeb7233426

  • SSDEEP

    12288:bMrny90BmkZgQAJOBoKFqNhqNtPD6QyopnHcIQQKW:0yNkZgQpGKVP+QXYQKW

Malware Config

Extracted

  • Family

    redline

  • Botnet

    romik

  • C2

    193.233.20.12:4132

  • Attributes

    auth_value: 8fb78d2889ba0ca42678b59b884e88ff

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks