General

  • Target

    01f238be78d778bb061a995b9511860dbdfc84d78921f57e02a01f66b7c7365e

  • Size

    442KB

  • Sample

    241105-b6wc3a1md1

  • MD5

    fc4fb7feb0116b04ebd0d762929d0696

  • SHA1

    fc8fb56f67fdad245ea5eb63dd273d6465bdb0e8

  • SHA256

    01f238be78d778bb061a995b9511860dbdfc84d78921f57e02a01f66b7c7365e

  • SHA512

    8dd7bc3fedbe1de834322b110fd9dfabb7a1b1f98f78904b820a314758a2516f5069cb77ce89a721ce10e50d0f300ce764a1302dbc8d65cd2790cc7621e55568

  • SSDEEP

    12288:/MrFy90E+8ffHfgOBfANsMztBc6hO8YQhx0Y:my3vfvDBYNFtBc1syY

Malware Config

Extracted

Family

redline

Botnet

rodik

C2

193.233.20.23:4124

Attributes
  • auth_value

    59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • RedLine

      RedLine Stealer is an information-stealing malware family written in C# (.NET), first seen in early 2020. It harvests saved browser credentials, cookies, form data and cryptocurrency wallet files and sends them to the C2 address embedded in its configuration, which is why the extracted host:port above is the most durable indicator in this report.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application
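The extracted configuration and the three behavioural signatures above (the sample executing, the C2 connection, the Run-key write) map directly onto Sysmon event types 1, 3 and 13. The following is an added example, not part of the sandbox report or of RedLine itself: it loads the report's hashes and C2 into a small rule set and runs it over constructed Sysmon JSON lines. The event lines, the path `C:\Users\u\AppData\Local\Temp\build.exe` and the benign control events are made up for illustration; only the MD5, SHA256, C2 IP and port are copied from the report.

```python
"""Hunt for this report's RedLine indicators in Sysmon-style JSON logs.

Added example, not part of the sandbox report or of RedLine itself. The
event lines below are constructed for illustration; only the hash, C2 IP
and port values are copied from the report.
"""
import json
import re

# Indicators copied from the report above.
IOC = {
    "sha256": "01f238be78d778bb061a995b9511860dbdfc84d78921f57e02a01f66b7c7365e",
    "md5": "fc4fb7feb0116b04ebd0d762929d0696",
    "c2_ip": "193.233.20.23",
    "c2_port": 4124,
}

# Registry paths whose values auto-start a program at logon (the report's
# "Adds Run key to start application" behaviour).
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\",
                        re.IGNORECASE)

# Constructed Sysmon events as JSON lines (EventID 1 = process create,
# 3 = network connection, 13 = registry value set). Raw string, so the
# doubled backslashes are JSON escapes, not Python ones. The last two
# lines are benign controls that must not fire.
SAMPLE_LOG = r"""
{"EventID": 1, "Image": "C:\\Users\\u\\AppData\\Local\\Temp\\build.exe", "ParentImage": "C:\\Windows\\explorer.exe", "Hashes": "MD5=FC4FB7FEB0116B04EBD0D762929D0696,SHA256=01F238BE78D778BB061A995B9511860DBDFC84D78921F57E02A01F66B7C7365E"}
{"EventID": 3, "Image": "C:\\Users\\u\\AppData\\Local\\Temp\\build.exe", "DestinationIp": "193.233.20.23", "DestinationPort": 4124, "Protocol": "tcp"}
{"EventID": 13, "Image": "C:\\Users\\u\\AppData\\Local\\Temp\\build.exe", "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\build", "Details": "C:\\Users\\u\\AppData\\Local\\Temp\\build.exe"}
{"EventID": 3, "Image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe", "DestinationIp": "203.0.113.10", "DestinationPort": 443, "Protocol": "tcp"}
{"EventID": 13, "Image": "C:\\Windows\\System32\\svchost.exe", "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders\\Common Desktop", "Details": "C:\\Users\\Public\\Desktop"}
"""


def parse_events(text):
    """One JSON object per non-empty line, the shape Winlogbeat/NXLog ship Sysmon in."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def hashes_of(event):
    """Split Sysmon's 'Hashes' field (ALG=HEX,ALG=HEX) into {alg: hex}, lowercased."""
    out = {}
    for part in event.get("Hashes", "").split(","):
        alg, _, value = part.partition("=")
        if value:
            out[alg.strip().lower()] = value.strip().lower()
    return out


def detect(events):
    """Return (rule, image, detail) triples for events matching the report's IOCs."""
    findings = []
    for e in events:
        eid = e.get("EventID")
        image = e.get("Image", "")
        if eid == 1:
            h = hashes_of(e)
            if h.get("sha256") == IOC["sha256"] or h.get("md5") == IOC["md5"]:
                findings.append(("known_sample_executed", image, h.get("sha256", "")))
        elif eid == 3:
            if (e.get("DestinationIp") == IOC["c2_ip"]
                    and int(e.get("DestinationPort", 0)) == IOC["c2_port"]):
                findings.append(("c2_connection", image,
                                 f'{e["DestinationIp"]}:{e["DestinationPort"]}'))
        elif eid == 13:
            target = e.get("TargetObject", "")
            if RUN_KEY_RE.search(target):
                findings.append(("run_key_persistence", image, target))
    return findings


def correlate(findings):
    """Images that tripped at least two different rules: the high-confidence set."""
    rules_by_image = {}
    for rule, image, _ in findings:
        rules_by_image.setdefault(image, set()).add(rule)
    return {img for img, rules in rules_by_image.items() if len(rules) >= 2}


if __name__ == "__main__":
    hits = detect(parse_events(SAMPLE_LOG))
    for rule, image, detail in hits:
        print(f"{rule:24s} {image}  ->  {detail}")
    print("correlated:", correlate(hits))
```

The hash rule is the brittle one: RedLine builds are routinely repacked, so a new build of the same botnet will miss it while still reusing the C2 and the Run-key behaviour. The Run-key rule on its own is noisy (installers and updaters write there legitimately), which is why `correlate` only promotes an image that trips two independent rules.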

MITRE ATT&CK Enterprise v15

Tasks