General

  • Target

    58bf7456dd7f582f8bd46c7980750f5f1d0553f1ce6db7bf8f67772dacbfb34d

  • Size

    430KB

  • Sample

    241110-bn4lqavrby

  • MD5

    9fa018b4524a32b4ac0536679a900bce

  • SHA1

    0906751c74d9e8f9da8adc2b1fc8228cdf7186ef

  • SHA256

    58bf7456dd7f582f8bd46c7980750f5f1d0553f1ce6db7bf8f67772dacbfb34d

  • SHA512

    83129e810d80f8d7274d1dd04e1f28ae76105fe30102cd80ffeb95852d15b4e03a00c83348b268edf431addad4d7343255219e190f560cd114bf13506e158ffc

  • SSDEEP

    6144:Kly+bnr+Lp0yN90QEfGtL2+JwWQDRzqG9VuI3DLyu37j89OcRqH0ci6QrbFYgEft:3MrXy90lu6TtmGeIzD0OoqHGFYgWW7M

Malware Config

Extracted

  • Family

    redline

  • Botnet

    ronur

  • C2

    193.233.20.20:4134

  • Attributes

    auth_value: f88f86755a528d4b25f6f3628c460965

Targets

    • Target

      58bf7456dd7f582f8bd46c7980750f5f1d0553f1ce6db7bf8f67772dacbfb34d

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks