General

  • Target

    8aef0b80dc3230f4fb62afd18ec236a420f401861da90bc0e12ce4e5689d8328

  • Size

    431KB

  • Sample

    241111-ggn6catkcx

  • MD5

    12ea9f733d2c5c237beebd09760c58c0

  • SHA1

    a51afb750a74b84d5c86bd7a646195bdc507c508

  • SHA256

    8aef0b80dc3230f4fb62afd18ec236a420f401861da90bc0e12ce4e5689d8328

  • SHA512

    6b5e493729912c0a1e901eb7e07048280ea8bb16a2313f68949e91bb10af6da19f621ceb3a9fe8a7776ede061dcad16a9ab8f57fffe7bfbd7a4a513829feb382

  • SSDEEP

    6144:K+y+bnr+1p0yN90QEJooBH8o9+vzM8Fc5Nx61gyyQ2RolKBKODe64ru:KMrty90wvn1gyyQWqUKjK

Malware Config

Extracted

Family

redline

Botnet

ramon

C2

193.233.20.23:4123

Attributes
  • auth_value

    3197576965d9513f115338c233015b40

Targets

    • RedLine

      RedLine Stealer is an information-stealing malware family written in C# (.NET), first seen in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Adds Run key to start application
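
As an added example (not part of this sandbox report), the following Python script turns the extracted configuration and the behaviour signatures listed above into hunting rules and runs them over a few constructed Sysmon-style events. The C2 address, port and SHA256 are the report's own values; the event records, host paths, the benign connection to 203.0.113.10 and the user-temp heuristic used for "Executes dropped EXE" are assumptions made for illustration, not observations from the sandbox run.

```python
import re

# Indicators copied from the report (Malware Config and General sections).
C2_IP = "193.233.20.23"
C2_PORT = 4123
SAMPLE_SHA256 = "8aef0b80dc3230f4fb62afd18ec236a420f401861da90bc0e12ce4e5689d8328"

# Persistence via a Run/RunOnce key under either HKU or HKLM; this is the
# behaviour behind the "Adds Run key to start application" signature.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
# Heuristic (assumption) for "Executes dropped EXE": a process image under the user's temp dir.
USER_TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
# Sysmon's Hashes field is "ALG=hex,ALG=hex,..."; pull out the SHA256 entry.
SHA256_FIELD_RE = re.compile(r"SHA256=([0-9a-fA-F]{64})")

# Constructed Sysmon-style events (field names follow Sysmon; the host, user,
# paths and the benign connection are invented for this example).
SAMPLE_EVENTS = [
    {"EventID": 1,
     "Image": r"C:\Users\victim\AppData\Local\Temp\update.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "Hashes": "MD5=12EA9F733D2C5C237BEEBD09760C58C0,"
               "SHA256=8AEF0B80DC3230F4FB62AFD18EC236A420F401861DA90BC0E12CE4E5689D8328"},
    {"EventID": 13,
     "Image": r"C:\Users\victim\AppData\Local\Temp\update.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\victim\AppData\Roaming\Updater\update.exe"},
    {"EventID": 3,
     "Image": r"C:\Users\victim\AppData\Local\Temp\update.exe",
     "DestinationIp": "193.233.20.23", "DestinationPort": 4123, "Protocol": "tcp"},
    {"EventID": 3,
     "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationIp": "203.0.113.10", "DestinationPort": 443, "Protocol": "tcp"},
    {"EventID": 13,
     "Image": r"C:\Windows\regedit.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows\Example",
     "Details": "DWORD (0x00000001)"},
]


def rule_known_sample(ev):
    """Process creation (EventID 1) whose SHA256 matches the analysed sample."""
    if ev.get("EventID") != 1:
        return False
    m = SHA256_FIELD_RE.search(ev.get("Hashes", ""))
    return bool(m) and m.group(1).lower() == SAMPLE_SHA256


def rule_dropped_exe(ev):
    """Process creation from a user-writable temp directory (heuristic)."""
    return ev.get("EventID") == 1 and bool(USER_TEMP_RE.search(ev.get("Image", "")))


def rule_run_key(ev):
    """Registry value set (EventID 13) under a Run/RunOnce key."""
    return ev.get("EventID") == 13 and bool(RUN_KEY_RE.search(ev.get("TargetObject", "")))


def rule_c2_connection(ev):
    """Outbound connection (EventID 3) to the C2 extracted from the sample's config."""
    return (ev.get("EventID") == 3
            and ev.get("DestinationIp") == C2_IP
            and int(ev.get("DestinationPort", 0)) == C2_PORT)


RULES = [
    ("known_sample", rule_known_sample),
    ("dropped_exe", rule_dropped_exe),
    ("run_key", rule_run_key),
    ("c2_connection", rule_c2_connection),
]


def hunt(events):
    """Return a (rule_name, image) pair for every event a rule fires on."""
    hits = []
    for ev in events:
        for name, rule in RULES:
            if rule(ev):
                hits.append((name, ev.get("Image", "")))
    return hits


if __name__ == "__main__":
    for name, image in hunt(SAMPLE_EVENTS):
        print(f"{name:<14} {image}")
```

The hash and C2 rules only catch this exact build: a repacked binary changes the SHA256, and the next build will carry a different IP:port in its configuration. The Run-key write and execution from a user temp path are the durable signals, and the Run-key rule deliberately matches both hives and RunOnce so a variant that picks a different key location still fires.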

MITRE ATT&CK Enterprise v15

Tasks