General

  • Target

    3bbb6559347fa1756aea67708fb493ed020aa86753f05a40d01798c1cd38a4d1

  • Size

    441KB

  • Sample

    241111-hna3qsvhme

  • MD5

    cb419bd48eaeaea61f02ded9e041f0d8

  • SHA1

    535fc22c74e6892b4449bc379669f5f53cbd4f26

  • SHA256

    3bbb6559347fa1756aea67708fb493ed020aa86753f05a40d01798c1cd38a4d1

  • SHA512

    78058f18b6640737e0f2d79fcfdf4eb04f1c2209a03ec3272644b00ab1469bbcad41c2b9f7d450872f4c44f6b3a66063863e448b6dd0790303cb68d62b800df2

  • SSDEEP

    12288:CMrCy90XOuiXeKJA/LokpJ+y39L+U4h7v2Sf:IykONXAZp0yb4N2Sf

Malware Config

Extracted

Family

redline

Botnet

ramon

C2

193.233.20.23:4123

Attributes

  • auth_value

    3197576965d9513f115338c233015b40

Targets

    • Target

      3bbb6559347fa1756aea67708fb493ed020aa86753f05a40d01798c1cd38a4d1

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks