General

  • Target

    57824b886422390701cdebeef26afc01152bae22536c4ed8cec64c41cf9dc4ec

  • Size

    742KB

  • Sample

    241110-ajax6strgv

  • MD5

    973f2a7beedf92b7418f21e5f3820c99

  • SHA1

    deaa80030cdeaf4adb94459d7ea01b381633dca5

  • SHA256

    57824b886422390701cdebeef26afc01152bae22536c4ed8cec64c41cf9dc4ec

  • SHA512

    566c01c6b97453de033a330c72da870d88d78011773c13d54cc34ba2678cb21c5f320c926fe1296146724ab05304658d5730c44245d65815f01ec7d3191daec9

  • SSDEEP

    12288:oMrFy90u5M02gEmCKfzfHdjCtcQvh9H7onsmnawVTJqXtmirf12qanfq:Nym02gLHzlqJ9bosPwVTQFf1oi

Malware Config

Extracted

  • Family

    redline

  • Botnet

    ruma

  • C2

    193.233.20.13:4136

Attributes
  • auth_value

    647d00dfaba082a4a30f383bca5d1a2a

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks