General

  • Target

    2eac90508d95b865940a6137fa72065a9fa1e4e61f6d8c4f8f64465da0a311fe

  • Size

    440KB

  • Sample

    241105-bdke4azrbw

  • MD5

    3b0a6f4562efe47365424cec22ad0621

  • SHA1

    e932721fc13ee2de7911ba123ee2453979657290

  • SHA256

    2eac90508d95b865940a6137fa72065a9fa1e4e61f6d8c4f8f64465da0a311fe

  • SHA512

    3b4d2a058361b09a411c26f1cf946a6c99e825145d30f4b10097c301bac92ef792613216dd0ed9186747743e5644f124b05f778904f79a0d3409753cf7fb8f68

  • SSDEEP

    12288:EMr+y90YyhbDlc3gEd9bcCUfmU6CwWmjvOjob:KyvyhFc3gwpUOHYImjob

Malware Config

Extracted

  • Family

    redline

  • Botnet

    rodik

  • C2

    193.233.20.23:4124

Attributes

  • auth_value

    59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15