General

  • Target

    4ae1e7bb26eaacaa84a2fa49f378d55d8f8f282775973699fa920d9268781aeb

  • Size

    440KB

  • Sample

    241111-gtqvpsvcre

  • MD5

    1dd1aee8534ce430b1acd3d248d43925

  • SHA1

    e9fe4e3fb09a4c507910f16891a979e20bbb726f

  • SHA256

    4ae1e7bb26eaacaa84a2fa49f378d55d8f8f282775973699fa920d9268781aeb

  • SHA512

    ef6462b7c5996c93dfe5d813b1e9b629125e9d3df33aa086d2aab49f75dfdcdda4fcbc0993ed35feffd2ce1cc4a9f1a7ba48ce36dc52eca3c1852bc4eaa9270e

  • SSDEEP

    12288:7MrEy90XzgZ084FsIRmx9Efhqu5pDlCktkosWxEnc2Qt+si:fyw+UFsopfozktFsWxEnSPi

Malware Config

Extracted

Family

redline

Botnet

ronur

C2

193.233.20.20:4134

Attributes

  • auth_value

    f88f86755a528d4b25f6f3628c460965

Targets

    • Target

      4ae1e7bb26eaacaa84a2fa49f378d55d8f8f282775973699fa920d9268781aeb

    • Size

      440KB

    • MD5

      1dd1aee8534ce430b1acd3d248d43925

    • SHA1

      e9fe4e3fb09a4c507910f16891a979e20bbb726f

    • SHA256

      4ae1e7bb26eaacaa84a2fa49f378d55d8f8f282775973699fa920d9268781aeb

    • SHA512

      ef6462b7c5996c93dfe5d813b1e9b629125e9d3df33aa086d2aab49f75dfdcdda4fcbc0993ed35feffd2ce1cc4a9f1a7ba48ce36dc52eca3c1852bc4eaa9270e

    • SSDEEP

      12288:7MrEy90XzgZ084FsIRmx9Efhqu5pDlCktkosWxEnc2Qt+si:fyw+UFsopfozktFsWxEnSPi

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks