General

  • Target: 8d401cd9e1cfdec82daf8016e56e125b4d9103d37af45ef3042172bfb0d9e68e
  • Size: 564KB
  • Sample: 241111-gmk1watgrr
  • MD5: 0266c4a19e5c3a993fb0e570b5de2291
  • SHA1: 56f5276a2495074541ca9f9f667254b4d1a17657
  • SHA256: 8d401cd9e1cfdec82daf8016e56e125b4d9103d37af45ef3042172bfb0d9e68e
  • SHA512: 5d25a84b8d8b7886d76e876fe99e57ab45671d03e1962a01c550e0b4d5e2e4f4ae0bdc41e0601116a76760a792e2a1a6e682b079019512386bdf56a22557b2cb
  • SSDEEP: 12288:aMriy90gcPlbHYHl///vOZOrkPdS4ycV7lHa4BBS4N6u:UyOtb4F//eZP0JeJaCBS4Qu

Malware Config

Extracted

  • Family: redline
  • Botnet: ronur
  • C2: 193.233.20.20:4134
  • Attributes
      • auth_value: f88f86755a528d4b25f6f3628c460965

Targets

    • Target: 8d401cd9e1cfdec82daf8016e56e125b4d9103d37af45ef3042172bfb0d9e68e


    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Redline family
    • Executes dropped EXE
    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks