General

  • Target

    cbef8e26a0179c077ca4138dee22ceff71a7721075c02aaee618f4eeaa4731de

  • Size

    769KB

  • Sample

    241111-femztswqbm

  • MD5

    adebe73b2dc677430d903c9cdd22f291

  • SHA1

    ddd8bd577d379b1c2be79d0f0cf3b547a0a74cb2

  • SHA256

    cbef8e26a0179c077ca4138dee22ceff71a7721075c02aaee618f4eeaa4731de

  • SHA512

    ca74138dc66267404788ffe28bc27dbda3ceb8e1dd9ce76d9f4d83efc2b864b35cfe450962c6975d6ed9fb32c742b5265825e0247c0d8c621fd0ce54e2846bc6

  • SSDEEP

    24576:nyvhpzuOEsGVW/YaGK8H+QVKkPh0przca7:yvhpzJKgg+uGrzl

Malware Config

Extracted

Family

redline

Botnet

romik

C2

193.233.20.12:4132

Attributes

  • auth_value

    8fb78d2889ba0ca42678b59b884e88ff
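
The extracted configuration above gives a defender what is needed to sweep for this sample on the network and on disk. The Python below is an added example, not part of the sandbox report and not RedLine tooling: it copies the report's C2 entry and file hashes into a small IOC set, walks a constructed Zeek-style conn.log (the timestamps, uids and hosts are made up) looking for flows to the C2 ip:port pair, and classifies an incoming hash string by digest length before comparing it with the sample's digests. The function names, the CONN_LOG contents and its column layout are assumptions.

```python
"""Turn the extracted RedLine config and file hashes into an IOC set and sweep
constructed log data against it.

Added example, not part of the sandbox report. The IOC values are copied from
the report; the log lines and hosts below are constructed for illustration."""
import hashlib
import ipaddress
import re

# Values copied from the report's "Malware Config" and hash sections.
REDLINE_CONFIG = {
    "family": "redline",
    "botnet": "romik",
    "c2": ["193.233.20.12:4132"],
    "auth_value": "8fb78d2889ba0ca42678b59b884e88ff",  # kept for correlation only
}
SAMPLE_HASHES = {
    "md5": "adebe73b2dc677430d903c9cdd22f291",
    "sha1": "ddd8bd577d379b1c2be79d0f0cf3b547a0a74cb2",
    "sha256": "cbef8e26a0179c077ca4138dee22ceff71a7721075c02aaee618f4eeaa4731de",
    "sha512": "ca74138dc66267404788ffe28bc27dbda3ceb8e1dd9ce76d9f4d83efc2b864b35cfe450962c6975d6ed9fb32c742b5265825e0247c0d8c621fd0ce54e2846bc6",
}
# Hex digest length -> algorithm, used to classify an incoming hash string.
_HASH_ALGO_BY_LEN = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}


def parse_c2(entry):
    """Split a 'host:port' C2 string into (ip, port), validating both parts."""
    host, _, port = entry.rpartition(":")
    ip = ipaddress.ip_address(host)  # raises ValueError on a malformed address
    port = int(port)
    if not 0 < port < 65536:
        raise ValueError(f"bad port in C2 entry {entry!r}")
    return str(ip), port


def classify_hash(value):
    """Return (algorithm, matched) for a hash string; matched is True when it
    equals the sample's digest for that algorithm. Case and whitespace are
    normalised because different tools emit hashes in different cases."""
    h = value.strip().lower()
    if not re.fullmatch(r"[0-9a-f]+", h) or len(h) not in _HASH_ALGO_BY_LEN:
        raise ValueError(f"not a recognised hex digest: {value!r}")
    algo = _HASH_ALGO_BY_LEN[len(h)]
    return algo, SAMPLE_HASHES[algo] == h


def hash_file_bytes(data):
    """Compute the same four digests the report lists, for a local file's bytes."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in SAMPLE_HASHES}


# Constructed Zeek-style conn.log lines (tab separated: ts, uid, orig_h, orig_p,
# resp_h, resp_p, proto). Not real traffic; only the third line reaches the C2.
CONN_LOG = """\
1731300001.1\tCxa1\t10.0.0.15\t51021\t142.250.74.78\t443\ttcp
1731300002.5\tCxa2\t10.0.0.15\t51022\t193.233.20.12\t80\ttcp
1731300003.9\tCxa3\t10.0.0.15\t51023\t193.233.20.12\t4132\ttcp
1731300004.2\tCxa4\t10.0.0.22\t51024\t193.233.20.99\t4132\ttcp
"""


def find_c2_connections(conn_log, config=REDLINE_CONFIG):
    """Return (uid, orig_h) for every flow whose responder matches a C2 ip:port.
    Matching the full pair keeps same-IP noise (the port 80 flow) out."""
    c2_pairs = {parse_c2(e) for e in config["c2"]}
    hits = []
    for line in conn_log.splitlines():
        if not line or line.startswith("#"):
            continue
        _, uid, orig_h, _, resp_h, resp_p, _ = line.split("\t")
        if (resp_h, int(resp_p)) in c2_pairs:
            hits.append((uid, orig_h))
    return hits


if __name__ == "__main__":
    print(find_c2_connections(CONN_LOG))
    print(classify_hash(SAMPLE_HASHES["sha256"].upper()))
```

Matching on the full ip:port pair rather than the bare address is deliberate: a C2 host can carry unrelated services, and the port comes straight from the extracted config. The auth_value is carried along only so that configs from other samples can be correlated by it; it is not used for matching here.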

Targets

    • Target

      cbef8e26a0179c077ca4138dee22ceff71a7721075c02aaee618f4eeaa4731de

    • Size

      769KB

    • MD5

      adebe73b2dc677430d903c9cdd22f291

    • SHA1

      ddd8bd577d379b1c2be79d0f0cf3b547a0a74cb2

    • SHA256

      cbef8e26a0179c077ca4138dee22ceff71a7721075c02aaee618f4eeaa4731de

    • SHA512

      ca74138dc66267404788ffe28bc27dbda3ceb8e1dd9ce76d9f4d83efc2b864b35cfe450962c6975d6ed9fb32c742b5265825e0247c0d8c621fd0ce54e2846bc6

    • SSDEEP

      24576:nyvhpzuOEsGVW/YaGK8H+QVKkPh0przca7:yvhpzJKgg+uGrzl

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks