General

  • Target

    434535fe53dad8e0b2503ef95997e476532b29c7a091f93e6be3d218fb6e2a1a.exe

  • Size

    749KB

  • Sample

    241122-rzrpassnav

  • MD5

    82330d3139d30c614cfc3af3d92a25a0

  • SHA1

    1cd6ac281e0b834305dc9811fe275a3563b858e5

  • SHA256

    434535fe53dad8e0b2503ef95997e476532b29c7a091f93e6be3d218fb6e2a1a

  • SHA512

    ac240819ca109c3d91ac4d631f147bee2e3575c2e05d0e57f5345ecf08f389c10dfb0ffdc554f43c5f282a2f5bafef600df5e6e9f1a9e823f03a178ed6e9d725

  • SSDEEP

    12288:OMrEy90iIdX8fZO30Uwh9c/rTA/Iw9VRHZX7H1Qv+Jv9RxPAaCReJKnsyNk5:uytI9iZU0UKUwHp7ajR3syNk5

Malware Config

Extracted

Family

redline

Botnet

doma

C2

185.161.248.75:4132

Attributes

  • auth_value

    8be53af7f78567706928d0abef953ef4

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15