General

  • Target

    e71052a27dda6f7eb3766c5b13d028a7f23e5a4c98d32cf186c65c30c0c13eb9

  • Size

    432KB

  • Sample

    241105-axkpja1enp

  • MD5

    f763f9ebefc17770b8fe403822221b6a

  • SHA1

    b58626ccf0cff7c566dd0c89b9bbee38a7867e11

  • SHA256

    e71052a27dda6f7eb3766c5b13d028a7f23e5a4c98d32cf186c65c30c0c13eb9

  • SHA512

    3fca89cced5134cf856aa5a5d7f40c09443809c9a95a459e51bbcaa22f0b6918c4c1f576c403550ffd39952f62519b11616eed5868584e0fa5f71d36a2e6303f

  • SSDEEP

    6144:KEy+bnr+0p0yN90QE+OLizUC8SC8qPEbnrYdPirz/hYrTVjfS4lMP9c5Gokl12mt:AMrky90fSy8BYdPirzZiIiFOlt

Malware Config

Extracted

  • Family

    redline

  • Botnet

    rodik

  • C2

    193.233.20.23:4124

  • Attributes

    • auth_value

      59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks