General

  • Target: 3578238d70553956da01130654d0403d9fac821ccd3a18778c245bc417183f8e
  • Size: 529KB
  • Sample: 241110-rl5zrsyejb
  • MD5: b501ab8cc1d013086422978d0a1756e4
  • SHA1: 0bf5a2935bf242533ca331e5d05e4570d988bf73
  • SHA256: 3578238d70553956da01130654d0403d9fac821ccd3a18778c245bc417183f8e
  • SHA512: c0b6101069bb6cada887f453ce119277ea1a93a7465a38f9f16d98f3b81023ea1f1b780b3acfe3f140bf22a56b7d603a6179d5126b81386f9bf73198d60a7f83
  • SSDEEP: 12288:rMrey9077bSCASPht1lkeoOytA7Jv2DBL3y7CJnPzPsCnp4lqU8:5yOuKroTL3y7SPpI8

Malware Config

Extracted

  • Family: redline
  • Botnet: ruma
  • C2: 193.233.20.13:4136
  • Attributes
    • auth_value: 647d00dfaba082a4a30f383bca5d1a2a

Targets

    • Target: 3578238d70553956da01130654d0403d9fac821ccd3a18778c245bc417183f8e
    • Size: 529KB
    • MD5: b501ab8cc1d013086422978d0a1756e4
    • SHA1: 0bf5a2935bf242533ca331e5d05e4570d988bf73
    • SHA256: 3578238d70553956da01130654d0403d9fac821ccd3a18778c245bc417183f8e
    • SHA512: c0b6101069bb6cada887f453ce119277ea1a93a7465a38f9f16d98f3b81023ea1f1b780b3acfe3f140bf22a56b7d603a6179d5126b81386f9bf73198d60a7f83
    • SSDEEP: 12288:rMrey9077bSCASPht1lkeoOytA7Jv2DBL3y7CJnPzPsCnp4lqU8:5yOuKroTL3y7SPpI8
    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Redline family
    • Executes dropped EXE
    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks