General

  • Target

    ec87647a1800a44a56f871c738ff80826a1ae8c7ec33141961936e1195c791dc

  • Size

    424KB

  • Sample

    241111-hr38paymbl

  • MD5

    29c8ee0dbda02cc09b2646f7d075bc21

  • SHA1

    77100c912eb4f9d9dde0cab07259a0d236bb606e

  • SHA256

    ec87647a1800a44a56f871c738ff80826a1ae8c7ec33141961936e1195c791dc

  • SHA512

    0006cd64e3b83344daddc4169635a22b482849c204f79ac555e0085b56c6b7c23709f48e2c101dac2c518b3232844dbafcc1d101791b0f77f488aa63573db941

  • SSDEEP

    6144:Ksy+bnr+ap0yN90QEgAVAgAwghnB9Evdg+h8rc5QZEvp1mepkboJ9fIG7ZSP:0MrOy90aIAwVVg68rcyZakboHIGm

Malware Config

Extracted

  • Family

    redline

  • Botnet

    ronur

  • C2

    193.233.20.20:4134

  • Attributes

    • auth_value

      f88f86755a528d4b25f6f3628c460965

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks