General

  • Target

    c5644cb1c1fc41b46456e5855d7301c106563bbbb8300882b08ec29e5827365eN

  • Size

    447KB

  • Sample

    241110-bxn8dswjhs

  • MD5

    1423fbd385a7b4be033bbe728b04b600

  • SHA1

    548a4fcbe7956fc6f718dc11681d417104bc5929

  • SHA256

    c5644cb1c1fc41b46456e5855d7301c106563bbbb8300882b08ec29e5827365e

  • SHA512

    f23b9a3565d1c07d740bb8cd82a809376b68995a48eea1184e24a3e52bce9681252353487ca215cb38188ae598a97a857730f6d77777c1255b41885eeb8e17cf

  • SSDEEP

    6144:Kay+bnr+qp0yN90QEbd7Tif7yhfc1dSJoqrL8lJFleamcTIvSfY/7BRoV4Du:qMrmy90nG+/JoqElJFlzmCISQ/FR0f

Malware Config

Extracted

Family

redline

Botnet

ronam

C2

193.233.20.17:4139

Attributes
  • auth_value

    125421d19d14dd7fd211bc7f6d4aea6c

Targets

    • Target

      c5644cb1c1fc41b46456e5855d7301c106563bbbb8300882b08ec29e5827365eN

    • Size

      447KB

    • MD5

      1423fbd385a7b4be033bbe728b04b600

    • SHA1

      548a4fcbe7956fc6f718dc11681d417104bc5929

    • SHA256

      c5644cb1c1fc41b46456e5855d7301c106563bbbb8300882b08ec29e5827365e

    • SHA512

      f23b9a3565d1c07d740bb8cd82a809376b68995a48eea1184e24a3e52bce9681252353487ca215cb38188ae598a97a857730f6d77777c1255b41885eeb8e17cf

    • SSDEEP

      6144:Kay+bnr+qp0yN90QEbd7Tif7yhfc1dSJoqrL8lJFleamcTIvSfY/7BRoV4Du:qMrmy90nG+/JoqElJFlzmCISQ/FR0f

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks