General

  • Target

    51f84d75db8446c865d0eae9a5de8d569fa156b1741c8d5f3e20c332dfbd21e2

  • Size

    529KB

  • Sample

    241110-q5vsgaxhkj

  • MD5

    c313a2b6d91b9adaabdca116daaf208d

  • SHA1

    405ef082d1fbbc5bb71de1d9f4a1d6b2261c36b8

  • SHA256

    51f84d75db8446c865d0eae9a5de8d569fa156b1741c8d5f3e20c332dfbd21e2

  • SHA512

    2e9cc659a75a70f1a913f84730159f3336c65b2431440ca6487b13ab1b34bbae57bbadcdf3b1e951919cdc723fe1a904329feaad2409eef762445eced1323ca6

  • SSDEEP

    12288:5MrLy90sQjl8XuS+g4vrZR7x+2HrQS9Hbo7KvnagVaOqfJB2lJAsg:Gy0WuZg4TAVS97o2SgVal2lFg

Malware Config

Extracted

Family

redline

Botnet

ruma

C2

193.233.20.13:4136

Attributes

  • auth_value

    647d00dfaba082a4a30f383bca5d1a2a

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15