General

  • Target

    e143c8a931b9e91b4d0492df3b7a14d3ed432d2a8a713652840142af7ec805b0

  • Size

    739KB

  • Sample

    241110-mlxaeavjbv

  • MD5

    70b8a1a163f08059b7382096d9ae7bbb

  • SHA1

    018b80473a9dd842b44ea054ed3d61b1711ad1e1

  • SHA256

    e143c8a931b9e91b4d0492df3b7a14d3ed432d2a8a713652840142af7ec805b0

  • SHA512

    46a382b0bcbcf83734a3bac3ff54a49e5fd70df6c53241d35da424fc07c5eb4ce5bfb2cfb2909d9b198708807b33c402cb0522fb9efa24c1c25ee167da8a4bfb

  • SSDEEP

    12288:9MrTy901JdVBtX3WNUvbDcKXbx9QfKL+EUw/WV0QcmvXoQRY:6y2/VTXaSDc6PQfKL+Er+VLv4QS

Malware Config

Extracted

Family

redline

Botnet

ruma

C2

193.233.20.13:4136

Attributes
  • auth_value

    647d00dfaba082a4a30f383bca5d1a2a

Targets

    • RedLine

      RedLine Stealer is a .NET (C#) information stealer first seen in early 2020. It harvests saved browser credentials, cookies and autofill data, cryptocurrency wallet files and other client credentials, and exfiltrates them to the configured C2; the config extracted above (botnet "ruma", C2 193.233.20.13:4136) is that per-build configuration.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application
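The report's actionable indicators are the C2 endpoint in the extracted config, the sample's SHA256, and the "Adds Run key" behaviour. The script below is an added example, not part of the sandbox output or of any vendor tooling: it turns those three indicators into checks run over Sysmon-style event records (Event ID 1 process create, 3 network connection, 13 registry value set, using Sysmon's own field names). The events are constructed for illustration, not real telemetry, and because the report does not say which hive the Run key lives in, the check matches Run and RunOnce under both HKCU and HKLM (an assumption).

```python
"""Detection checks for the indicators in this RedLine report.

Added example, not part of the sandbox report. Scans Sysmon-style event
records (dicts keyed by Sysmon field names) for the sample's SHA256, an
outbound connection to the extracted C2, and a value written under a Run key.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Indicators taken from the report: "Malware Config" and "General" sections.
C2_HOST = "193.233.20.13"
C2_PORT = 4136
SAMPLE_SHA256 = "e143c8a931b9e91b4d0492df3b7a14d3ed432d2a8a713652840142af7ec805b0"

# Run / RunOnce under Software\Microsoft\Windows\CurrentVersion (also matches
# the Wow6432Node path). Hive is not stated in the report, so any hive matches
# (assumption).
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\", re.IGNORECASE
)


@dataclass
class Alert:
    event_id: int
    process: str
    reason: str


def check_hash(event: dict) -> Optional[Alert]:
    """Sysmon event 1: the Hashes field is 'MD5=..,SHA256=..'; match the sample."""
    if event.get("EventID") != 1:
        return None
    if f"sha256={SAMPLE_SHA256}" in event.get("Hashes", "").lower():
        return Alert(1, event.get("Image", "?"), "process image matches sample SHA256")
    return None


def check_network(event: dict) -> Optional[Alert]:
    """Sysmon event 3: flag a connection to the extracted C2 ip:port."""
    if event.get("EventID") != 3:
        return None
    if (event.get("DestinationIp") == C2_HOST
            and int(event.get("DestinationPort", 0)) == C2_PORT):
        return Alert(3, event.get("Image", "?"),
                     f"connection to RedLine C2 {C2_HOST}:{C2_PORT}")
    return None


def check_registry(event: dict) -> Optional[Alert]:
    """Sysmon event 13: flag a value set under a Run/RunOnce key."""
    if event.get("EventID") != 13:
        return None
    target = event.get("TargetObject", "")
    if RUN_KEY_RE.search(target):
        return Alert(13, event.get("Image", "?"),
                     f"Run key value set: {target} -> {event.get('Details', '')}")
    return None


CHECKS = (check_hash, check_network, check_registry)


def scan(events) -> list:
    """Run every check over every event; return alerts in event order."""
    alerts = []
    for ev in events:
        for check in CHECKS:
            hit = check(ev)
            if hit is not None:
                alerts.append(hit)
    return alerts


# Constructed sample events (not real telemetry): one hit per check plus two
# benign records to show the checks do not fire on unrelated traffic/writes.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\u\Downloads\setup.exe",
     "Hashes": f"MD5=70b8a1a163f08059b7382096d9ae7bbb,SHA256={SAMPLE_SHA256}"},
    {"EventID": 3, "Image": r"C:\Users\u\Downloads\setup.exe",
     "DestinationIp": C2_HOST, "DestinationPort": "4136"},
    {"EventID": 3, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationIp": "93.184.216.34", "DestinationPort": "443"},
    {"EventID": 13, "Image": r"C:\Users\u\Downloads\setup.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\updater",
     "Details": r"C:\Users\u\AppData\Roaming\updater.exe"},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]

if __name__ == "__main__":
    for a in scan(SAMPLE_EVENTS):
        print(f"[EID {a.event_id}] {a.process}: {a.reason}")
```

The hash check only catches this exact build; the C2 and Run key checks survive repacking, which is why sandbox config extraction is worth more than the file hashes alone.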

MITRE ATT&CK Enterprise v15

  • T1547.001 Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (from the "Adds Run key to start application" signature)

Tasks