General

  • Target

    28f580286193191681abdd3e9c3c3222ffaa5d7bed609337951b308ee10a7e20

  • Size

    837KB

  • Sample

    241111-hepjrsvgka

  • MD5

    eda43b32a55651f23b9169b54e3ba01b

  • SHA1

    d693c68c8c8444a20f06e3702e3be8d3b70c24ec

  • SHA256

    28f580286193191681abdd3e9c3c3222ffaa5d7bed609337951b308ee10a7e20

  • SHA512

    5d54490841b38bf2456c7944524f8d22f69d3314b9901763adc43cd0e8e624be1ffea75b7dcb9bef3c352dd4c0b9762c9578a468acf22907b164c5ff0826a292

  • SSDEEP

    24576:4yP/vGRed32fJERDdV6JWKmJgudgfP2TMut/oMiQ:/PcU3JTK1jAt

Malware Config

Extracted

Family

redline

Botnet

romik

C2

193.233.20.12:4132

Attributes

  • auth_value

    8fb78d2889ba0ca42678b59b884e88ff

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15