General

  • Target

    2609b4935ebc015595cc246bdbb19d3aac2e76d5838b6a5920c01242132b6b67

  • Size

    441KB

  • Sample

    241110-awwemswbkc

  • MD5

    1a29ccf676fcbe2b34ba604d1503bb45

  • SHA1

    fefe05fb8e43dff9d1f0bb7d2a681914e476a3bb

  • SHA256

    2609b4935ebc015595cc246bdbb19d3aac2e76d5838b6a5920c01242132b6b67

  • SHA512

    ed71ef5413a7cc651f2cff5bd3674dfc995cf79b7214feb973ed211428e30254a5ea56488de7da8f772c229a79676da5b4e2a649c7e3f72078a7233b90ddf8aa

  • SSDEEP

    12288:tMr7y90XrVyl1e5Qy5K6OMsSLo5fUAMvWpb:qy4xyG5QQD+SL2fJXb

Malware Config

Extracted

Family

redline

Botnet

ramon

C2

193.233.20.23:4123

Attributes

  • auth_value

    3197576965d9513f115338c233015b40

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks