General

  • Target: 21012c56f82c8dc191a842adf8c1f382379d7ff7c6237d370414b2ccb037922b
  • Size: 440KB
  • Sample: 241110-br7sjswerk
  • MD5: c42c796ed1652bf01fbeb1b58a6e1ded
  • SHA1: 833182278489bc9e0d60557f869d69ca1805e360
  • SHA256: 21012c56f82c8dc191a842adf8c1f382379d7ff7c6237d370414b2ccb037922b
  • SHA512: 5ac70a7764356617ea700069f8a6f176d6ee1e49ddf115590933dad1da41e5bb07ae542c3140d860918f62b4da9663137fdb78b754bc5cfb1ec68845009b2940
  • SSDEEP: 12288:2Mrqy90r1d4H1yJY2t24d7gh8E1Y3/FGnr:8y634V0YQd7gKE1y/G

Malware Config

Extracted

  • Family: redline
  • Botnet: ronur
  • C2: 193.233.20.20:4134
  • Attributes
    • auth_value: f88f86755a528d4b25f6f3628c460965

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application
