General

  • Target

    e075500210dfba6f1b4575a42d257028c9a262f0befe38bb14ccc816ffc88779

  • Size

    782KB

  • Sample

    241111-ej6r3a1qdw

  • MD5

    df9aed1485ac9cb6a3ab7bdac561ff8a

  • SHA1

    b00fd141f08cc04b0268a08b27fefee1381205ee

  • SHA256

    e075500210dfba6f1b4575a42d257028c9a262f0befe38bb14ccc816ffc88779

  • SHA512

    6957dfb3971c9c27fb0f12d0c5af0fbe0006afb2ba61e33236be0b99be0bfa36e1c067b71cfdbbe8f3cda3b5e7ec8ed9646d0f4c53fbe23936c919b3817304cc

  • SSDEEP

    24576:Ty1rSYgVGdR4sKc/6IPtXgaysYO7BRzwZwpdx/Mbvku:m1rSlAXHJ/TpHRYO7z2wpdsk

Malware Config

Extracted

  • Family

    redline

  • Botnet

    romik

  • C2

    193.233.20.12:4132

  • Attributes
    • auth_value

      8fb78d2889ba0ca42678b59b884e88ff

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks