General

  • Target

    b355b3d86b2daaee07b87130505b0aae148267cd84584083b6bf89a696806c07

  • Size

    769KB

  • Sample

    241111-gm44ravcla

  • MD5

    faeb32792988b198a8bc76970183af8e

  • SHA1

    0fc9bb05d642ed2c9a43d2f9edd68b76bb3c00da

  • SHA256

    b355b3d86b2daaee07b87130505b0aae148267cd84584083b6bf89a696806c07

  • SHA512

    101f7254595fe2bad01a1cb6d3e63dbcf046fef85a94ef40dd3513f544ec2c86dac50cf748054892be42985934520ac131a832aa35139560875c41e5d93ccf84

  • SSDEEP

    24576:vy3BsiZwe6Y/SI/emdD/3FfzPwDq+MqT0J:63BsUwRY/SI/5N/31Pwmqg

Malware Config

Extracted

Family

redline

Botnet

romik

C2

193.233.20.12:4132

Attributes

  • auth_value

    8fb78d2889ba0ca42678b59b884e88ff
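Added example, not from the sandbox or the report tooling: a Python helper that turns the hashes and C2 extracted above into checks a responder can run offline. It hashes a file against the report's digests and flags connections to the C2 endpoint in firewall-style connection logs. The log lines and their "src:port -> dst:port" layout are constructed for the example; adapt the regex to your own log schema.

```python
import hashlib
import re

# Indicators copied from the report above.
REPORT_HASHES = {
    "md5": "faeb32792988b198a8bc76970183af8e",
    "sha1": "0fc9bb05d642ed2c9a43d2f9edd68b76bb3c00da",
    "sha256": "b355b3d86b2daaee07b87130505b0aae148267cd84584083b6bf89a696806c07",
    "sha512": "101f7254595fe2bad01a1cb6d3e63dbcf046fef85a94ef40dd3513f544ec2c86"
              "dac50cf748054892be42985934520ac131a832aa35139560875c41e5d93ccf84",
}
C2_HOST, C2_PORT = "193.233.20.12", 4132
# ID string from the extracted config; kept so other samples of the "romik"
# botnet can be tied to this one when their configs are compared.
AUTH_VALUE = "8fb78d2889ba0ca42678b59b884e88ff"


def hash_bytes(data: bytes) -> dict:
    """Digest an in-memory blob with every algorithm the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_HASHES}


def hash_file(path: str) -> dict:
    """Digest a file on disk in 1 MiB chunks so large droppers do not load whole."""
    hashers = {alg: hashlib.new(alg) for alg in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def matches_report(digests: dict) -> bool:
    """True if any supplied digest equals the report's value for that algorithm.
    One algorithm is enough: all four digests above describe the same file."""
    return any((digests.get(alg) or "").lower() == val
               for alg, val in REPORT_HASHES.items())


# Constructed firewall log lines (not real traffic) in a simple
# "src:port -> dst:port" layout; only the dst side is evaluated.
CONN_RE = re.compile(
    r"(?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+)\s*->\s*"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+)"
)
SAMPLE_LOG = [
    "2024-11-11T14:02:11Z ALLOW TCP 10.0.5.23:51234 -> 193.233.20.12:4132 bytes=1832",
    "2024-11-11T14:02:12Z ALLOW TCP 10.0.5.23:51235 -> 142.250.72.14:443 bytes=9912",
    "2024-11-11T14:05:40Z ALLOW TCP 10.0.7.8:49821 -> 193.233.20.12:443 bytes=600",
]


def find_c2_connections(log_lines):
    """Return (source_ip, match_kind) for every line that reaches the C2 host.
    'exact' means the configured IP and port; 'host-only' means the same IP on
    another port, still worth triage because the port can differ between builds."""
    hits = []
    for line in log_lines:
        m = CONN_RE.search(line)
        if not m or m.group("dst") != C2_HOST:
            continue
        kind = "exact" if int(m.group("dport")) == C2_PORT else "host-only"
        hits.append((m.group("src"), kind))
    return hits


if __name__ == "__main__":
    for src, kind in find_c2_connections(SAMPLE_LOG):
        print(f"{src} contacted {C2_HOST} ({kind})")
```

Run `hash_file()` over suspect binaries from the affected hosts and feed the result to `matches_report()`; the SSDEEP value from the report is left out here because fuzzy matching needs the ssdeep library, while the exact digests need only the standard library.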

Targets

    • Target

      b355b3d86b2daaee07b87130505b0aae148267cd84584083b6bf89a696806c07

    • RedLine

      RedLine Stealer is an information stealer written in C# (.NET), first seen in early 2020 and sold as malware-as-a-service. It harvests saved browser credentials, cookies and autofill data, cryptocurrency wallet files and session data from desktop applications, and can be instructed by its C2 to download and execute further payloads.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application
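Added example, not from the sandbox: Python detection logic for the two behaviours flagged above, a Run key written for persistence and a dropped executable being launched, run over constructed Sysmon-style events (IDs 11 FileCreate, 1 ProcessCreate and 13 RegistryValueSet, with the fields named as Sysmon names them). The events, file paths, SID and value names are made up for the example.

```python
import re

# Autostart locations under HKLM or HKU\<SID>; case-insensitive because
# registry paths are.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\(Run|RunOnce|RunServices)\\", re.IGNORECASE)
# Directories an unprivileged user (or a dropper running as one) can write to.
USER_WRITABLE_RE = re.compile(
    r"\\(AppData|Temp|ProgramData|Users\\Public|Downloads)\\", re.IGNORECASE)

# Constructed Sysmon-style events in chronological order (not a real capture).
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": r"C:\Users\alice\Downloads\invoice.exe",
     "TargetFilename": r"C:\Users\alice\AppData\Local\Temp\svchost_update.exe"},
    {"EventID": 1, "Image": r"C:\Users\alice\AppData\Local\Temp\svchost_update.exe",
     "ParentImage": r"C:\Users\alice\Downloads\invoice.exe"},
    {"EventID": 13, "Image": r"C:\Users\alice\AppData\Local\Temp\svchost_update.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\alice\AppData\Local\Temp\svchost_update.exe"},
    {"EventID": 13, "Image": r"C:\Program Files\Vendor\setup.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorTray",
     "Details": r"C:\Program Files\Vendor\tray.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
]


def flag_run_key_persistence(events):
    """Return (writer, key, value, severity) for each Run key write.
    Severity is 'high' when either the value points into a user-writable
    directory or the writing process itself runs from one; installers writing
    a Program Files path are kept but rated 'low' so they are not lost."""
    hits = []
    for ev in events:
        if ev["EventID"] != 13 or not RUN_KEY_RE.search(ev.get("TargetObject", "")):
            continue
        value = ev.get("Details", "")
        suspicious = bool(USER_WRITABLE_RE.search(value)) or bool(USER_WRITABLE_RE.search(ev["Image"]))
        hits.append((ev["Image"], ev["TargetObject"], value, "high" if suspicious else "low"))
    return hits


def find_dropped_and_executed(events):
    """Return (dropper, dropped_exe) pairs: an .exe created by one process
    (EID 11) and later started as its own process (EID 1). Assumes events are
    in chronological order, as an exported Sysmon log would be."""
    created = {}   # lower-cased path -> image that wrote it
    pairs = []
    for ev in events:
        if ev["EventID"] == 11 and ev["TargetFilename"].lower().endswith(".exe"):
            created[ev["TargetFilename"].lower()] = ev["Image"]
        elif ev["EventID"] == 1 and ev["Image"].lower() in created:
            pairs.append((created[ev["Image"].lower()], ev["Image"]))
    return pairs


if __name__ == "__main__":
    for dropper, exe in find_dropped_and_executed(SAMPLE_EVENTS):
        print(f"dropped and executed: {dropper} -> {exe}")
    for writer, key, value, sev in flag_run_key_persistence(SAMPLE_EVENTS):
        print(f"[{sev}] {writer} set {key} = {value}")
```

The two functions are deliberately independent: a Run key pointing into %TEMP% is worth an alert on its own, while the drop-then-execute pair is what ties the persistence back to the original downloaded file.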

MITRE ATT&CK Enterprise v15

Tasks