General

  • Target

    c9ae94b7e143602bc1123dc98058cee654eaea969e413411028c1a29a6ebc410

  • Size

    738KB

  • Sample

    241110-q1rv1syaqf

  • MD5

    76558c734dee1b4e7908c3a9a66a6ec7

  • SHA1

    49d12108ddda2d3308c60d9d1bbea543b600d1c0

  • SHA256

    c9ae94b7e143602bc1123dc98058cee654eaea969e413411028c1a29a6ebc410

  • SHA512

    888171d359ea0642d50c8c39bfb67548f31a500777dddebbb718782d2e12c438d2daca0a38f9057beadada2f394e00e78e9d1e2436069752e9fe2661fbdc03cf

  • SSDEEP

    12288:gMrUy90qLl744oDYDUAjwT1fVPqrNDO4z14rLRMB5SE62UM7kAURFv:Eyha4GYDUA8PqrNDJz1c1MrSYUIXURB

Malware Config

Extracted

  • Family

    redline

  • Botnet

    ruma

  • C2

    193.233.20.13:4136

  • Attributes

    auth_value: 647d00dfaba082a4a30f383bca5d1a2a

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks