General

  • Target: 8a853a12ae05691dbb8fe3ad7de8212f0a7cf74f7e767968c3a9ceabdaf41110
  • Size: 433KB
  • Sample: 241104-3r21vayra1
  • MD5: 981119722e67d2a39b20a397b5ccb259
  • SHA1: c9c4c89318338e0ab2678700e7f498bc17ba6958
  • SHA256: 8a853a12ae05691dbb8fe3ad7de8212f0a7cf74f7e767968c3a9ceabdaf41110
  • SHA512: 11426b09d5578d8c8368edf93155df868b19ecae9cc9f5c5ef9e3798ec4eea99d6ea52af8a5eb5628c50c9ea57e856c09b01b7048676a22abd0c8e53479a51e0
  • SSDEEP: 12288:XMr8y90iWCWbxy59C7a3Y3PfMLFROcw3:TyFWCWbsrC7a3YffM5RNu

Malware Config

Extracted

  • Family: redline
  • Botnet: rodik
  • C2: 193.233.20.23:4124

Attributes

  • auth_value: 59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • Target: 8a853a12ae05691dbb8fe3ad7de8212f0a7cf74f7e767968c3a9ceabdaf41110

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks