General

  • Target

    22c1a63a7205d1da40b89afd71679c06d8d0ba66649afe47278e84a1380f8f88

  • Size

    770KB

  • Sample

    241112-y76azs1bjm

  • MD5

    08e8eec9d15a07a52716e6bb6cdca10a

  • SHA1

    c3d50ceb23a04c0d9ff86003ab6419a29487ea1c

  • SHA256

    22c1a63a7205d1da40b89afd71679c06d8d0ba66649afe47278e84a1380f8f88

  • SHA512

    dae940e7f76086df608df3db950f025f4b67a224b618f0c0eadf94be06e7cc00c4bd5b4eae38fe233c8fd00a0064e9e583639f3cd55e21c40a97f2faaf1f1dfa

  • SSDEEP

    12288:oMrHy90/c+Cd7zpfWMG9beaB3a6mV8v4M+H8PC6dUAB4Lebplah3TuCOB:vyIYRxWMajwV3tH8PTiLRtTGB

Malware Config

Extracted

  • Family

    redline

  • Botnet

    romik

  • C2

    193.233.20.12:4132

Attributes

  • auth_value

    8fb78d2889ba0ca42678b59b884e88ff

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks