General

  • Target: 5526514e5ba93d17e9f4d87cb5138b8df96e37e66c4cb92257e66b23fb5f0fc2
  • Size: 759KB
  • Sample: 241111-dxhfys1lbz
  • MD5: 0afdc095dc27f089072f887a1c24114b
  • SHA1: 4b8bd77ee4a4e02179e99fd91b451e03cc1e271a
  • SHA256: 5526514e5ba93d17e9f4d87cb5138b8df96e37e66c4cb92257e66b23fb5f0fc2
  • SHA512: d470fd46e8b12b093e4614c1ceaf3f7fd54e872453d6b7690c0a7ab92c7637e38fb053072b5bae7748fb3ac41e361c970ce040ac985f8ce821cafd82c2a3c89a
  • SSDEEP: 12288:MMr7y90DGowVazxLyJoRqvmdYzdLJVHaDMghoATwAITPsQae6uYBt2GbiZ:nyMAVapRm35LJNrgRTIsTpbiZ

Malware Config

Extracted

  • Family: redline
  • Botnet: romik
  • C2: 193.233.20.12:4132
  • Attributes
    • auth_value: 8fb78d2889ba0ca42678b59b884e88ff

Targets

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks