General

  • Target

    389dfcfd0f29b4ac0e63984f1fdd3d92b406262f185068b850ac96d3c8d9c862

  • Size

    758KB

  • Sample

    241110-y184asxmdm

  • MD5

    7617ef32ed1522b54fe29aa083c59384

  • SHA1

    5c1f53bcc884f323a637157eaf6d85c1aa6772de

  • SHA256

    389dfcfd0f29b4ac0e63984f1fdd3d92b406262f185068b850ac96d3c8d9c862

  • SHA512

    062e31a89f0c27a24692f39d7d1b0481d5a395ecc62c2a5a144e4390f9653b6d815d47efd2f186beb34a8c7d816be4b6260a739ddbec35eeb273f810c1df56bc

  • SSDEEP

    12288:6Mrsy90fqxCNAnNwVavHCC0TbkQIowvzK44VyNzsaXls0EMPozhX55Hh:uylx3nNoavHCC06ov49w4PshX55B

Malware Config

Extracted

Family

redline

Botnet

romik

C2

193.233.20.12:4132

Attributes
  • auth_value

    8fb78d2889ba0ca42678b59b884e88ff

Targets

    • Target

      389dfcfd0f29b4ac0e63984f1fdd3d92b406262f185068b850ac96d3c8d9c862

    • Size

      758KB

    • MD5

      7617ef32ed1522b54fe29aa083c59384

    • SHA1

      5c1f53bcc884f323a637157eaf6d85c1aa6772de

    • SHA256

      389dfcfd0f29b4ac0e63984f1fdd3d92b406262f185068b850ac96d3c8d9c862

    • SHA512

      062e31a89f0c27a24692f39d7d1b0481d5a395ecc62c2a5a144e4390f9653b6d815d47efd2f186beb34a8c7d816be4b6260a739ddbec35eeb273f810c1df56bc

    • SSDEEP

      12288:6Mrsy90fqxCNAnNwVavHCC0TbkQIowvzK44VyNzsaXls0EMPozhX55Hh:uylx3nNoavHCC06ov49w4PshX55B

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks