General

  • Target

    a9ec01b513a51b8d0048fa17cb29a35a0c5831046e8c5a0f604694c959d6b976

  • Size

    838KB

  • Sample

    241111-df49ds1gqa

  • MD5

    78dec5dc8a1a8b32a3d636f07f2d8c14

  • SHA1

    28e13b482ee1fa32f630f138dfa57020856a02e3

  • SHA256

    a9ec01b513a51b8d0048fa17cb29a35a0c5831046e8c5a0f604694c959d6b976

  • SHA512

    da09ea3ea7e5fcd84db46d71e7b1ef88092e70470cfc4646231a0221bac45caa7e5ca8eeac4adbca3a7d6a623fcbfbfe81423f7d346b863430c6fbfe75eee6b6

  • SSDEEP

    24576:zyVBG7AJG0dDsj0WUaCcIWoBsre9dG43A833:GjxG0dDGFIWoBsrea4wq

Malware Config

Extracted

Family

redline

Botnet

romik

C2

193.233.20.12:4132

Attributes

  • auth_value

    8fb78d2889ba0ca42678b59b884e88ff

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks