General

  • Target

    0030d18037d926f7aa95557519ec48c0e5f282ecbf4902f742d769be4678d5bb

  • Size

    529KB

  • Sample

    241110-gvbgeatrdq

  • MD5

    f911bb015238fdf677b5cbf742e77f3d

  • SHA1

    c4222eefa35758049160a2419eca568eab06bdb6

  • SHA256

    0030d18037d926f7aa95557519ec48c0e5f282ecbf4902f742d769be4678d5bb

  • SHA512

    0043dea7d7eb88977806282ac6586b9fee3c39a522b5ed035b0e12c03ae95058c783c2078b3927c7595d5307d6a771cc37694bfa6f66db0bc2da6e411ae94e32

  • SSDEEP

    12288:UMrXy90AJzPVTDnysdkrn5/Uj9HRoRKvnagViOqfJB2RJAwW:byVRV3nymGn5sj9xoYSgVil2RBW

Malware Config

Extracted

Family

redline

Botnet

ruma

C2

193.233.20.13:4136

Attributes

  • auth_value

    647d00dfaba082a4a30f383bca5d1a2a

Targets

    • Target

      0030d18037d926f7aa95557519ec48c0e5f282ecbf4902f742d769be4678d5bb

    • RedLine

      RedLine Stealer is a .NET (C#) information stealer first seen in early 2020. It harvests saved browser credentials, cookies and autofill data, cryptocurrency wallet files and basic host information, and ships them to an operator-controlled C2 (for this sample, 193.233.20.13:4136, botnet tag "ruma").

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

  • Persistence: T1547.001 Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (derived from the "Adds Run key to start application" signature above)