General

  • Target: ce02df6ac9b657339ce75d4dcc3a5ed0770aa0a482908d1a5b4ed93ceda02e25
  • Size: 740KB
  • Sample: 241110-r5y1kaskcp
  • MD5: 2b19ae40162ea0b452887bc52298d177
  • SHA1: 4ecbfb1458fea36a885a54e721e354399c697e32
  • SHA256: ce02df6ac9b657339ce75d4dcc3a5ed0770aa0a482908d1a5b4ed93ceda02e25
  • SHA512: ba4f0f2d54b0be1080ec9c16a76b6303793ae5859833f942d3ef55a787db3298f5842a4aa4a124f166c1fdd3e8f32cdc94838df8f29db09d01109fb1df2bdd1d
  • SSDEEP: 12288:JMruy90kUVXLimWkK2z57We+EWRYtXhdPSUwn4oRPZJmMD/6eAIB5:DyIVXXRNCsKYJvw4o1+M+eAe

Malware Config

Extracted

  • Family: redline
  • Botnet: ruma
  • C2: 193.233.20.13:4136
  • Attributes
    • auth_value: 647d00dfaba082a4a30f383bca5d1a2a

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application
