General

  • Target

    bba2913b65b504ef6fb7103b5362b5c2af952d69f254a3cbf91f34745c8f4ca3

  • Size

    739KB

  • Sample

    241110-qdbkhswqgy

  • MD5

    c3024b81b42077d639af67b232da1edb

  • SHA1

    327079402579055ba6a78f1caea5d14b256923b6

  • SHA256

    bba2913b65b504ef6fb7103b5362b5c2af952d69f254a3cbf91f34745c8f4ca3

  • SHA512

    21441bce0504f16dfee8202ab1fb238c03ecc63632f6d2246adfb1ecc41572d8dd214d58a8d2394a67162fb81503f4efb85b530155826f1639dc8f4f20049f21

  • SSDEEP

    12288:lMr7y90yfzuNdSrprnPuB/b5FNshfM0OEU2tKyrQ+mvBB626LTaFn:qyvYeW/bLNshfM0OEL4yev63in

Malware Config

Extracted

  • Family

    redline

  • Botnet

    ruma

  • C2

    193.233.20.13:4136

  • Attributes

    • auth_value

      647d00dfaba082a4a30f383bca5d1a2a

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks