General

  • Target

    1e013b3a03d46f894a2cee3ee05ae5de6b85d8aa6983e26017f0484c99731645

  • Size

    591KB

  • Sample

    241112-y1cp4azgqe

  • MD5

    8ceb4f8ec221f4003d71a0e60ac5ebb2

  • SHA1

    81d39a9cbc66091a436e3b2ed012063c8479aa9a

  • SHA256

    1e013b3a03d46f894a2cee3ee05ae5de6b85d8aa6983e26017f0484c99731645

  • SHA512

    cef34b5594a60e1df6d63b60644042a016fb128ad821e87f277e16a1aedebf148a553b0911486a0ba86445756b652f0269a5b8fe7c372d7c807d6b492ae44866

  • SSDEEP

    12288:qMrqy90G6o1nhsI4PGZWg8tK3vX8KgApKHwLLf7lLGgiHA7Si:UyH6oll4+ctEUAAmf7lLGbHmJ

Malware Config

Extracted

Family

redline

Botnet

ronam

C2

193.233.20.17:4139

Attributes
  • auth_value

    125421d19d14dd7fd211bc7f6d4aea6c

Targets

    • Target

      1e013b3a03d46f894a2cee3ee05ae5de6b85d8aa6983e26017f0484c99731645

    • Size

      591KB

    • MD5

      8ceb4f8ec221f4003d71a0e60ac5ebb2

    • SHA1

      81d39a9cbc66091a436e3b2ed012063c8479aa9a

    • SHA256

      1e013b3a03d46f894a2cee3ee05ae5de6b85d8aa6983e26017f0484c99731645

    • SHA512

      cef34b5594a60e1df6d63b60644042a016fb128ad821e87f277e16a1aedebf148a553b0911486a0ba86445756b652f0269a5b8fe7c372d7c807d6b492ae44866

    • SSDEEP

      12288:qMrqy90G6o1nhsI4PGZWg8tK3vX8KgApKHwLLf7lLGgiHA7Si:UyH6oll4+ctEUAAmf7lLGbHmJ

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks