General

  • Target

    28bf52b600e2cba2d16ffc15d4195a8a689b58f6c83e995c842b163f20495fc1

  • Size

    838KB

  • Sample

    241111-anv4xa1pdr

  • MD5

    0f5310738546334d7d8685d61e47bcb9

  • SHA1

    53e77d87623b29e388a6241466f857ebe706a64e

  • SHA256

    28bf52b600e2cba2d16ffc15d4195a8a689b58f6c83e995c842b163f20495fc1

  • SHA512

    69f8a9672cc0e9c7d7f46fe2070866deba00e3c5ba1ab6551fd2661d5f35c90da7f2a2383656649492ffaaef5a3b9fd01a8d2620dbfbf91a02e551b4b91aef83

  • SSDEEP

    12288:oMroy90+bb5ZcUWwU1/9Qe9snshxOMl3qmDHgIsEKw2Bpl4hU3TQDtlgVW:gylbbjdWRWe2shom3qSAIsEK14S2lP

Malware Config

Extracted

Family

redline

Botnet

romik

C2

193.233.20.12:4132

Attributes
  • auth_value

    8fb78d2889ba0ca42678b59b884e88ff

Targets

    • Target

      28bf52b600e2cba2d16ffc15d4195a8a689b58f6c83e995c842b163f20495fc1

    • Size

      838KB

    • MD5

      0f5310738546334d7d8685d61e47bcb9

    • SHA1

      53e77d87623b29e388a6241466f857ebe706a64e

    • SHA256

      28bf52b600e2cba2d16ffc15d4195a8a689b58f6c83e995c842b163f20495fc1

    • SHA512

      69f8a9672cc0e9c7d7f46fe2070866deba00e3c5ba1ab6551fd2661d5f35c90da7f2a2383656649492ffaaef5a3b9fd01a8d2620dbfbf91a02e551b4b91aef83

    • SSDEEP

      12288:oMroy90+bb5ZcUWwU1/9Qe9snshxOMl3qmDHgIsEKw2Bpl4hU3TQDtlgVW:gylbbjdWRWe2shom3qSAIsEK14S2lP

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks