General

  • Target

    f6f302adb342a35106b9f365d177e470ff2fcf426b3423843b8c45579d9cff28

  • Size

    654KB

  • Sample

    241111-frl83aspdt

  • MD5

    d5e01c5b8c8dbf6ae490a87224c30485

  • SHA1

    4116d992a834c3716f4ad48c1747c0a096c6bf59

  • SHA256

    f6f302adb342a35106b9f365d177e470ff2fcf426b3423843b8c45579d9cff28

  • SHA512

    5e43c915cc08dd10b9ab6c5fdebbf229ad9fc35552c4c6cc19abad4b07bdd9d1b2e7d7fbe8c727609dd5ee7e602997f7ac5649e78da5bbd592d1107965d2163e

  • SSDEEP

    12288:GMrjy908NFq5JypVQQmE4cUPP5KeCaokR3r9kh4pKpjiPttPfIr4CF:dyfNFq58p/nlUPP5dpxRTCjGttPfI0CF

Malware Config

Extracted

  • Family

    redline

  • Botnet

    romik

  • C2

    193.233.20.12:4132

  • Attributes

    auth_value: 8fb78d2889ba0ca42678b59b884e88ff

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks