General

  • Target

    942685baa59a3b5a00559c73b47442e771ee6f035614c955a2a3aa5c484dacf9N.exe

  • Size

    839KB

  • Sample

    241110-zvn2lsvekl

  • MD5

    4ae979d22274053a735c515f9110c7dd

  • SHA1

    1dd997c238d5c2dd462d32fd98e112623a708282

  • SHA256

    b44a2c750ac318d738a575e679403fb6f4171de8f985d7bc9f2ae9956ca74494

  • SHA512

    21b453c826e71de2194f68625bf7e99e318247d17a7ee84076a7bd977b5c1078bd9bbd412ddae8dc21adbf864ead5f77a27848945ba9dae7f8a5c43e1b376aa4

  • SSDEEP

    12288:LMr9y90XvVXqdFlfGwvVnfrD1hYqx54DW10TrwfTxZn/U3hZGsOL2Q9+RDCab9:2y+VopZhfrjZOc9Z/ShYB+RDCab9

Malware Config

Extracted

Family

redline

Botnet

romik

C2

193.233.20.12:4132

Attributes

  • auth_value

    8fb78d2889ba0ca42678b59b884e88ff

Targets

    • Target

      942685baa59a3b5a00559c73b47442e771ee6f035614c955a2a3aa5c484dacf9N.exe

    • Size

      839KB

    • MD5

      4ae979d22274053a735c515f9110c7dd

    • SHA1

      1dd997c238d5c2dd462d32fd98e112623a708282

    • SHA256

      b44a2c750ac318d738a575e679403fb6f4171de8f985d7bc9f2ae9956ca74494

    • SHA512

      21b453c826e71de2194f68625bf7e99e318247d17a7ee84076a7bd977b5c1078bd9bbd412ddae8dc21adbf864ead5f77a27848945ba9dae7f8a5c43e1b376aa4

    • SSDEEP

      12288:LMr9y90XvVXqdFlfGwvVnfrD1hYqx54DW10TrwfTxZn/U3hZGsOL2Q9+RDCab9:2y+VopZhfrjZOc9Z/ShYB+RDCab9

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks