General

  • Target: bba709ecd8c6785abdd28d7121f0b3b588d4d40fe5157e5515a6733058708853
  • Size: 716KB
  • Sample: 241111-btvwrsymfx
  • MD5: efccf4ec2e228841a2c288647f687c96
  • SHA1: c811af3663117099536c79d927770a3f263f6d0b
  • SHA256: bba709ecd8c6785abdd28d7121f0b3b588d4d40fe5157e5515a6733058708853
  • SHA512: c560c2919af24ab164524085b43ddb0c21d7be9cd68388b8c4aaf7395f3a35df290e65a625a0645bd624f4bdd77726b33d373166b5ba65488fc0673e9484e4e2
  • SSDEEP: 12288:9McK5a8Ra8NRiWBe4B83o/vVcgGQXB1+bddWKAmfXfUQbcs8rcmHaEs:ScK5phNZ/+uCghWhf/sQyZ8

Malware Config

Extracted

  • Family: redline
  • Botnet: romik
  • C2: 193.233.20.12:4132
  • Attributes
      • auth_value: 8fb78d2889ba0ca42678b59b884e88ff

Targets

    • Target: dca38093bc51d165acf5754982d66fe28509c85d65492d8428a240e1f85df435.exe
    • Size: 767KB
    • MD5: 83082232e13c9d8c4bdf53250665f2ed
    • SHA1: ccb6e6406d2d09fc1e81cf247eec2ef7334c218d
    • SHA256: dca38093bc51d165acf5754982d66fe28509c85d65492d8428a240e1f85df435
    • SHA512: 0c78d52c7cfadae1899864802b3f52564dc2fa055d8f44499dfac8e1010933b10c789e92a3761097a4aba7588f25330093a44e733b49b31c2ea8ea003f2aeafb
    • SSDEEP: 12288:cMrcy90+zgGidfPtVnYqKlvNAE5tUOetsKd4UTRta7/ChiM9wsYyIYSl3:Iy7zENW5jHRKhiMJa

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Redline family
    • Executes dropped EXE
    • Adds Run key to start application

MITRE ATT&CK Enterprise v15
