General

  • Target

    48bc43cc7f553bc193c50cceeb308142e7e4fbcd85920f9c5d63ad43edb0c3d4

  • Size

    433KB

  • Sample

    241104-3qhwkssman

  • MD5

    9efe3ada3c741a658eb1bc35c74098da

  • SHA1

    1a9ddd1880474416d2770d286cbbc1f298bca620

  • SHA256

    48bc43cc7f553bc193c50cceeb308142e7e4fbcd85920f9c5d63ad43edb0c3d4

  • SHA512

    4c5bbbfb4ebab1e756dcb5776f05b076ba61a22e9dfb52baa0a5b70ceeb0cd317c71cd0d8e2c2ad13342d110e80b2bf39b24cd6561a362df8780252417d80ca9

  • SSDEEP

    12288:kMrby90978bm8q4pif/DdRm19HgnHkXw0n2X:HyLmX7Dd0XAEgqI

Malware Config

Extracted

  • Family

    redline

  • Botnet

    rodik

  • C2

    193.233.20.23:4124

Attributes

  • auth_value

    59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • Target

      48bc43cc7f553bc193c50cceeb308142e7e4fbcd85920f9c5d63ad43edb0c3d4

    • Size

      433KB

    • MD5

      9efe3ada3c741a658eb1bc35c74098da

    • SHA1

      1a9ddd1880474416d2770d286cbbc1f298bca620

    • SHA256

      48bc43cc7f553bc193c50cceeb308142e7e4fbcd85920f9c5d63ad43edb0c3d4

    • SHA512

      4c5bbbfb4ebab1e756dcb5776f05b076ba61a22e9dfb52baa0a5b70ceeb0cd317c71cd0d8e2c2ad13342d110e80b2bf39b24cd6561a362df8780252417d80ca9

    • SSDEEP

      12288:kMrby90978bm8q4pif/DdRm19HgnHkXw0n2X:HyLmX7Dd0XAEgqI

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application
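The extracted config above gives a network indicator (C2 193.233.20.23:4124) and the signature list gives two host behaviours (execution of a dropped EXE, a Run key added for persistence). The following Python is an added detection example, not code from the sandbox or from the report: it correlates constructed Sysmon-style events (IDs 1, 3, 11, 13) against the sample hashes, the C2 endpoint and those two behaviours. The event field names follow Sysmon's schema, the Run/RunOnce key paths are the standard Windows autostart locations (assumed, since the report names the behaviour but not the exact value the sample wrote), and the sample events are constructed, not taken from this run.

```python
"""Added example: check constructed Sysmon-style events against the indicators
in this RedLine report. Not the sandbox's own code."""
from __future__ import annotations

# Indicators copied from the report.
C2_IP, C2_PORT = "193.233.20.23", 4124
SAMPLE_HASHES = {
    "MD5": "9efe3ada3c741a658eb1bc35c74098da",
    "SHA1": "1a9ddd1880474416d2770d286cbbc1f298bca620",
    "SHA256": "48bc43cc7f553bc193c50cceeb308142e7e4fbcd85920f9c5d63ad43edb0c3d4",
}
# Assumed autostart locations; the report says "Adds Run key" but not which value.
RUN_KEY_MARKERS = (
    "\\microsoft\\windows\\currentversion\\run\\",
    "\\microsoft\\windows\\currentversion\\runonce\\",
)


def parse_hashes(field: str) -> dict[str, str]:
    """Sysmon's Hashes field looks like 'MD5=...,SHA256=...' (uppercase hex)."""
    out: dict[str, str] = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().upper()] = value.strip().lower()
    return out


def analyze(events: list[dict]) -> list[tuple[str, str]]:
    """Return (rule, detail) findings in event order.

    Events are stateful: a FileCreate (ID 11) remembered earlier turns a later
    ProcessCreate (ID 1) of that same path into an 'executes_dropped_exe' hit.
    """
    findings: list[tuple[str, str]] = []
    dropped: dict[str, str] = {}  # lower-cased path -> image that wrote it

    for ev in events:
        eid = ev.get("EventID")
        image = ev.get("Image", "")
        if eid == 11:  # FileCreate
            dropped[ev.get("TargetFilename", "").lower()] = image
        elif eid == 1:  # ProcessCreate
            hashes = parse_hashes(ev.get("Hashes", ""))
            for algo, known in SAMPLE_HASHES.items():
                if hashes.get(algo) == known:
                    findings.append(("known_redline_sample", f"{algo} match: {image}"))
                    break
            writer = dropped.get(image.lower())
            if writer and writer.lower() != image.lower():
                findings.append(("executes_dropped_exe", f"{writer} -> {image}"))
        elif eid == 3:  # NetworkConnect: match on host AND port, not host alone
            if ev.get("DestinationIp") == C2_IP and int(ev.get("DestinationPort", 0)) == C2_PORT:
                findings.append(("redline_c2_connection", f"{image} -> {C2_IP}:{C2_PORT}"))
        elif eid == 13:  # RegistryEvent (value set)
            target = ev.get("TargetObject", "").lower()
            if any(marker in target for marker in RUN_KEY_MARKERS):
                findings.append(("run_key_persistence", f"{ev.get('TargetObject')} = {ev.get('Details')}"))
    return findings


# Constructed events (not from the sandbox run) in the shape of Sysmon IDs 1/3/11/13.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": "C:\\Users\\user\\Downloads\\invoice.exe",
     "Hashes": "MD5=9EFE3ADA3C741A658EB1BC35C74098DA,"
               "SHA256=48BC43CC7F553BC193C50CCEEB308142E7E4FBCD85920F9C5D63AD43EDB0C3D4"},
    {"EventID": 11, "Image": "C:\\Users\\user\\Downloads\\invoice.exe",
     "TargetFilename": "C:\\Users\\user\\AppData\\Local\\Temp\\svc.exe"},
    {"EventID": 1, "Image": "C:\\Users\\user\\AppData\\Local\\Temp\\svc.exe",
     "ParentImage": "C:\\Users\\user\\Downloads\\invoice.exe", "Hashes": "SHA256=0000"},
    {"EventID": 13, "Image": "C:\\Users\\user\\AppData\\Local\\Temp\\svc.exe",
     "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc",
     "Details": "C:\\Users\\user\\AppData\\Local\\Temp\\svc.exe"},
    {"EventID": 3, "Image": "C:\\Users\\user\\AppData\\Local\\Temp\\svc.exe",
     "DestinationIp": "193.233.20.23", "DestinationPort": "4124"},
    # Same host, different port: deliberately not matched by the C2 rule.
    {"EventID": 3, "Image": "C:\\Windows\\System32\\svchost.exe",
     "DestinationIp": "193.233.20.23", "DestinationPort": "443"},
]

if __name__ == "__main__":
    for rule, detail in analyze(SAMPLE_EVENTS):
        print(f"{rule}: {detail}")
```

The C2 rule keys on IP and port together because a shared host may serve unrelated traffic; widening it to the bare IP is a deliberate hunting choice, not the default. Hash matching is exact, so repacked builds of the same family will not hit it; the Run key and dropped-EXE rules are the behavioural fallback for that case.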

MITRE ATT&CK Enterprise v15

Tasks