General

  • Target

    c257410e48e26409e9cc1462ca63ab856fd00c5dfed58332ab63d7a654c08049.exe

  • Size

    439KB

  • Sample

    241111-gm1rbstkhw

  • MD5

    16c9ddb6fd6d14f638e44e12d0936f45

  • SHA1

    379268e38c93405fefbd2b51d94fc538a76c80a4

  • SHA256

    c257410e48e26409e9cc1462ca63ab856fd00c5dfed58332ab63d7a654c08049

  • SHA512

    7aa0e5bad9bd5d502d6308f4365e37db63ecb5af449259ca5d2978edf56235b2e09836250f5092d54f2dca5816b2199ef3a0512c89bfa8e0e58473176a37bec7

  • SSDEEP

    6144:KMy+bnr+np0yN90QE4FMQ/0Yg+of0zQA5qjGBwv8QIlGWc8HxXDsyhR3H5CTiKaE:cMrzy90OqYLzf5kGBwRIlGWLZHsTMI/

Malware Config

Extracted

Family

redline

Botnet

ronur

C2

193.233.20.20:4134

Attributes
  • auth_value

    f88f86755a528d4b25f6f3628c460965

Targets

    • Target

      c257410e48e26409e9cc1462ca63ab856fd00c5dfed58332ab63d7a654c08049.exe

    • Size

      439KB

    • MD5

      16c9ddb6fd6d14f638e44e12d0936f45

    • SHA1

      379268e38c93405fefbd2b51d94fc538a76c80a4

    • SHA256

      c257410e48e26409e9cc1462ca63ab856fd00c5dfed58332ab63d7a654c08049

    • SHA512

      7aa0e5bad9bd5d502d6308f4365e37db63ecb5af449259ca5d2978edf56235b2e09836250f5092d54f2dca5816b2199ef3a0512c89bfa8e0e58473176a37bec7

    • SSDEEP

      6144:KMy+bnr+np0yN90QE4FMQ/0Yg+of0zQA5qjGBwv8QIlGWc8HxXDsyhR3H5CTiKaE:cMrzy90OqYLzf5kGBwRIlGWLZHsTMI/

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks