General

  • Target

    6c6f3604eeb75ea01edd289c9283861b5de3ff0fa854d639b62cbb4f5aa4e315.exe

  • Size

    583KB

  • Sample

    241112-y9p2sazkas

  • MD5

    44e23169abca2b0d1bceb28d81449ab6

  • SHA1

    6e2fff4bfa0fa01db1c8f3d391c0a197e0936425

  • SHA256

    6c6f3604eeb75ea01edd289c9283861b5de3ff0fa854d639b62cbb4f5aa4e315

  • SHA512

    54c56becd95f1e4a5b705759eab1acf44b096d8efd8e9be288e56edda2c518411b83bf23fc28d4b7c14f95bbd7b62c2aa2f7841b1f0e8d80431b65338a2d7747

  • SSDEEP

    12288:NMrZy90NG6HXArt9oaP6UGFaCYpD4QrkfTmYEeaJ2p:QyYfwXoo610aQr8xfaop

Malware Config

Extracted

Family

redline

Botnet

ronam

C2

193.233.20.17:4139

Attributes
  • auth_value

    125421d19d14dd7fd211bc7f6d4aea6c
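The hashes in the General section and the C2 endpoint, botnet ID and auth_value in the extracted config are the indicators an analyst would actually operationalise. The script below is an added example, not part of this report or of the sandbox's own tooling: it streams a file through the four listed digests and reports which ones match, scans constructed firewall-style log lines (the log format is an assumption of the example) for contact with 193.233.20.17:4139, and searches a byte buffer such as a process dump for the config strings in both ASCII and UTF-16LE, the latter because RedLine is a .NET binary and .NET keeps strings as UTF-16 in memory.

```python
"""Apply the indicators from the report above: file hashes, the C2 endpoint,
and the botnet/auth strings from the extracted RedLine config."""
import hashlib
import re

# Indicators copied verbatim from the report above.
SAMPLE_HASHES = {
    "md5": "44e23169abca2b0d1bceb28d81449ab6",
    "sha1": "6e2fff4bfa0fa01db1c8f3d391c0a197e0936425",
    "sha256": "6c6f3604eeb75ea01edd289c9283861b5de3ff0fa854d639b62cbb4f5aa4e315",
    "sha512": "54c56becd95f1e4a5b705759eab1acf4" "4b096d8efd8e9be288e56edda2c51841"
              "1b83bf23fc28d4b7c14f95bbd7b62c2a" "a2f7841b1f0e8d80431b65338a2d7747",
}
C2_HOST, C2_PORT = "193.233.20.17", 4139
CONFIG_STRINGS = {"botnet": "ronam", "auth_value": "125421d19d14dd7fd211bc7f6d4aea6c",
                  "c2": f"{C2_HOST}:{C2_PORT}"}


def digest_bytes(data):
    """All four digests the report lists, over an in-memory buffer."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def digest_file(path, chunk_size=1 << 20):
    """Same digests, streamed from disk so a large sample is never read whole."""
    hashers = {name: hashlib.new(name) for name in SAMPLE_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matching_algorithms(digests, known=SAMPLE_HASHES):
    """Names of the algorithms whose digest equals the report's value.
    One match identifies the sample; a partial match means one side of the
    comparison was transcribed wrongly and is worth re-checking."""
    return sorted(n for n, v in digests.items() if known.get(n, "").lower() == v.lower())


# Constructed firewall-style log lines (not from the report) in the form
# "<timestamp> <src>:<sport> -> <dst>:<dport> <proto>".
SAMPLE_LOG = """\
2024-11-12T10:01:03Z 10.0.0.21:51342 -> 142.250.74.78:443 tcp
2024-11-12T10:01:07Z 10.0.0.21:51350 -> 193.233.20.17:4139 tcp
2024-11-12T10:01:09Z 10.0.0.33:41000 -> 193.233.20.17:80 tcp
2024-11-12T10:02:15Z 10.0.0.21:51377 -> 193.233.20.17:4139 tcp
"""
CONN_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>[\d.]+):\d+\s*->\s*(?P<dst>[\d.]+):(?P<dport>\d+)\s+\w+$")


def find_c2_connections(log_text, host=C2_HOST, port=C2_PORT):
    """One record per connection to the C2 host. 'exact' is True when the port
    matches as well; other ports on the same IP are reported as weaker hits."""
    hits = []
    for line in log_text.splitlines():
        m = CONN_RE.match(line.strip())
        if not m or m.group("dst") != host:
            continue
        dport = int(m.group("dport"))
        hits.append({"ts": m.group("ts"), "src": m.group("src"), "dport": dport, "exact": dport == port})
    return hits


def find_config_strings(blob, strings=CONFIG_STRINGS):
    """Locate the extracted config values in a memory dump or unpacked payload.
    RedLine is a .NET binary, so its strings usually sit in memory as UTF-16LE;
    both that and plain ASCII are searched, and the encodings found are reported."""
    found = {}
    for label, text in strings.items():
        for enc in ("utf-16-le", "ascii"):
            if text.encode(enc) in blob:
                found.setdefault(label, []).append(enc)
    return found


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        print(path, "matches:", matching_algorithms(digest_file(path)) or "none")
    for hit in find_c2_connections(SAMPLE_LOG):
        print("C2 contact" if hit["exact"] else "C2 host, other port", hit)
```

Run it with one or more file paths to hash candidate files against the report; the log scan runs over the embedded constructed lines and reports the two exact 4139 contacts from 10.0.0.21 plus the port-80 hit on the same IP as a weaker indicator.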

Targets

    • Target

      6c6f3604eeb75ea01edd289c9283861b5de3ff0fa854d639b62cbb4f5aa4e315.exe

    • RedLine

      RedLine Stealer is an information-stealing malware family written in C#, first seen in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Adds Run key to start application
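The "Adds Run key to start application" signature is the persistence behaviour to check for on any host that may have run this sample. The script below is an added example, not part of this report or of the sandbox's tooling: it parses a `reg export` of the Run and RunOnce keys and flags values whose image lives in a user-writable location or carries a Windows system binary's name outside the Windows directory. The .reg text, the flagged paths and the heuristic itself are assumptions of the example; the report does not state which value name or path this sample used.

```python
"""Triage Run-key persistence of the kind the 'Adds Run key to start
application' signature reports, from a `reg export` of the Run keys."""
import re

# Constructed `reg export` output (not from the report). A real export is
# UTF-16LE on disk, so read it with encoding="utf-16" before parsing.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"Updater"="C:\\Users\\alice\\AppData\\Local\\Temp\\svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="%windir%\\system32\\SecurityHealthSystray.exe"
'''

VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"=(?P<data>.*)$')
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)
# Heuristic (an assumption of this example, not a statement from the report):
# Run values whose image lives in a user-writable location deserve a look.
WRITABLE_ROOTS = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\programdata\\",
                  "\\users\\public\\", "\\windows\\temp\\", "%temp%", "%appdata%")
SYSTEM_NAMES = {"svchost.exe", "explorer.exe", "csrss.exe", "lsass.exe", "winlogon.exe"}


def unescape(s):
    """Undo .reg string escaping (backslash-backslash and backslash-quote)."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg_export(text):
    """Map each key path to its REG_SZ values ({name: data}); other types are skipped."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if current is None or not m:
            continue  # file header, blank line, comment, or default (@=) value
        data = m.group("data")
        if len(data) >= 2 and data[0] == data[-1] == '"':
            keys[current][unescape(m.group("name"))] = unescape(data[1:-1])
    return keys


def image_path(command):
    """Executable part of a Run value: the quoted token, or everything up to the first .exe."""
    m = re.match(r'^"?(.*?\.exe)\b', command, re.IGNORECASE)
    return m.group(1) if m else command.strip('"').split(" ")[0]


def suspicious_run_entries(reg_text):
    """Run/RunOnce values worth investigating, each with the reasons that fired."""
    findings = []
    for key, values in parse_reg_export(reg_text).items():
        if not RUN_KEY_RE.search(key):
            continue
        for name, command in values.items():
            path = image_path(command)
            low = path.lower()
            reasons = []
            if any(root in low for root in WRITABLE_ROOTS):
                reasons.append("image in user-writable location")
            if low.rsplit("\\", 1)[-1] in SYSTEM_NAMES and "\\windows\\" not in low:
                reasons.append("system binary name outside the Windows directory")
            if reasons:
                findings.append({"key": key, "name": name, "path": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in suspicious_run_entries(SAMPLE_REG):
        print(f"{f['key']}\\{f['name']} -> {f['path']}: {', '.join(f['reasons'])}")
```

On a live host, produce the input with `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" run.reg` (and the HKLM key likewise), read it as UTF-16 and pass the text to `suspicious_run_entries`. On the embedded sample only the `Updater` value is reported, with both reasons; the OneDrive entry under AppData\Local and the SecurityHealth entry under %windir% pass, which is the false-positive trade-off the heuristic makes.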

MITRE ATT&CK Enterprise v15

Tasks