General

  • Target

    4e81716be03fdf3620115c6370ff3c37af76add747422e5c05db71c4183536a6

  • Size

    442KB

  • Sample

    241105-bgrzcatmeq

  • MD5

    cb5110dbef2297c80e16fd9878cb3322

  • SHA1

    f541f7b659f2f1cabcc3db91d1d2eed730f3e730

  • SHA256

    4e81716be03fdf3620115c6370ff3c37af76add747422e5c05db71c4183536a6

  • SHA512

    1d82840eb2c4fdcbe1305cf9ee00461421e695b7c159b2ab0438e292b382e2c930b2f5af7d6b0e6a271e676871fd3d4f8f92220f2987dabe51741579631128a5

  • SSDEEP

    12288:iMrQy90UTkioGhaL/Bk6eEVD6DTAM6m7:6y5TbfhaL/W6NVD6QO7

Malware Config

Extracted

Family

redline

Botnet

rodik

C2

193.233.20.23:4124

Attributes
  • auth_value

    59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • Target

      4e81716be03fdf3620115c6370ff3c37af76add747422e5c05db71c4183536a6


    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE (a file the sample writes to disk is subsequently started as a process)

    • Adds Run key to start application (persistence through a Registry Run key, MITRE ATT&CK T1547.001)
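Added example, not part of the Triage report: the extracted C2 endpoint and sample SHA256 from the config above, together with the two behavioural signatures (a dropped EXE being executed, a Run key being added), turned into a small stateful detector and run over constructed Sysmon-style events. Field names follow Sysmon Event IDs 1 (process create), 3 (network connection), 11 (file create) and 13 (registry value set); the paths, the SID and the name updater.exe are hypothetical, chosen only to exercise the logic.

```python
"""Detections derived from the RedLine report above, run over constructed
Sysmon-style events. Example code, not from the sandbox vendor."""
from dataclasses import dataclass, field

# Indicators copied from the report.
C2_HOST = "193.233.20.23"
C2_PORT = 4124
SAMPLE_SHA256 = "4e81716be03fdf3620115c6370ff3c37af76add747422e5c05db71c4183536a6"

# Value paths under these keys start a binary at logon (Sysmon Event ID 13).
RUN_KEY_MARKERS = (
    "\\microsoft\\windows\\currentversion\\run\\",
    "\\microsoft\\windows\\currentversion\\runonce\\",
)


@dataclass
class Detector:
    """Stateful scanner: remembers .exe files written to disk so that a later
    process start from the same path is reported as 'executes dropped EXE'."""
    dropped_files: set = field(default_factory=set)

    def check(self, ev: dict) -> list:
        hits = []
        eid = ev.get("EventID")
        if eid == 1:  # process creation: compare hashes, correlate with drops
            hashes = dict(h.split("=", 1)
                          for h in ev.get("Hashes", "").split(",") if "=" in h)
            if hashes.get("SHA256", "").lower() == SAMPLE_SHA256:
                hits.append("sample_sha256_match")
            if ev.get("Image", "").lower() in self.dropped_files:
                hits.append("executes_dropped_exe")
        elif eid == 11:  # file create: remember executables for later
            name = ev.get("TargetFilename", "").lower()
            if name.endswith(".exe"):
                self.dropped_files.add(name)
        elif eid == 13:  # registry value set: Run / RunOnce persistence
            target = ev.get("TargetObject", "").lower()
            if any(m in target for m in RUN_KEY_MARKERS):
                hits.append("run_key_persistence")
        elif eid == 3:  # network connection: extracted C2 host and port
            if (ev.get("DestinationIp") == C2_HOST
                    and int(ev.get("DestinationPort", 0)) == C2_PORT):
                hits.append("redline_c2_connection")
        return hits


def scan(events):
    """Run the detector in event order; return (index, image, hits) for each
    event that triggered at least one detection."""
    det = Detector()
    findings = []
    for i, ev in enumerate(events):
        hits = det.check(ev)
        if hits:
            findings.append((i, ev.get("Image", "?"), hits))
    return findings


# Constructed events (hypothetical paths, SID and file name updater.exe).
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": "C:\\Users\\victim\\Downloads\\invoice.exe",
     "Hashes": "MD5=cb5110dbef2297c80e16fd9878cb3322,SHA256=" + SAMPLE_SHA256},
    {"EventID": 11, "Image": "C:\\Users\\victim\\Downloads\\invoice.exe",
     "TargetFilename": "C:\\Users\\victim\\AppData\\Local\\Temp\\updater.exe"},
    {"EventID": 1, "Image": "C:\\Users\\victim\\AppData\\Local\\Temp\\updater.exe",
     "ParentImage": "C:\\Users\\victim\\Downloads\\invoice.exe",
     "Hashes": "SHA256=0000000000000000000000000000000000000000000000000000000000000000"},
    {"EventID": 13, "Image": "C:\\Users\\victim\\AppData\\Local\\Temp\\updater.exe",
     "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\updater"},
    {"EventID": 3, "Image": "C:\\Users\\victim\\AppData\\Local\\Temp\\updater.exe",
     "DestinationIp": "193.233.20.23", "DestinationPort": 4124},
    # Benign noise that must not fire.
    {"EventID": 3, "Image": "C:\\Windows\\System32\\svchost.exe",
     "DestinationIp": "8.8.8.8", "DestinationPort": 53},
    {"EventID": 13, "Image": "C:\\Windows\\explorer.exe",
     "TargetObject": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden"},
]

if __name__ == "__main__":
    for idx, image, hits in scan(SAMPLE_EVENTS):
        print(f"event {idx}: {image} -> {', '.join(hits)}")
```

The hash and C2 checks are exact-match indicators and will age as the operator rotates infrastructure; the dropped-EXE correlation and the Run key check describe the behaviour the sandbox observed and keep working across rebuilds of the same stealer.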

MITRE ATT&CK Enterprise v15

Tasks