General

  • Target

    16f8607579e12a0f42f2a3a7b06dab7d8343e14241ac3ebcde0d2fbc7038b080

  • Size

    567KB

  • Sample

    241111-cx5e2s1cmg

  • MD5

    eb68964cc0ca898c559c2fec2ceb7725

  • SHA1

    c0ba871ebc833a59a8818d079e2fe0bf705b08e2

  • SHA256

    16f8607579e12a0f42f2a3a7b06dab7d8343e14241ac3ebcde0d2fbc7038b080

  • SHA512

    befc97e3bebb3b8204138f083d36d69d9ba3aaa2e1b3d2ef8bfe4880717ef008e4799a0f00a6f17dd7ea086618c386351e4d6f20a73f049a813cf57bd2e6f6ce

  • SSDEEP

    12288:UMr8y90opwadFEJy/0SW7TOA83uFT1Z/HNwjVNMTO:QyVpDd5/9IL83yT1ZwVKTO

Malware Config

Extracted

Family

redline

Botnet

ronur

C2

193.233.20.20:4134

Attributes
  • auth_value

    f88f86755a528d4b25f6f3628c460965

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application
