General

  • Target

    fa577a1c6bb4436ad22420a16c0d0f7e4a8064d5dc444479a36be7682f4c5903

  • Size

    441KB

  • Sample

    241105-bt7kkascjr

  • MD5

    689e6ca3bb2d7257438c22af8cfd9b29

  • SHA1

    119ff3a7c8fadfca6ae362702e15881c5b775fad

  • SHA256

    fa577a1c6bb4436ad22420a16c0d0f7e4a8064d5dc444479a36be7682f4c5903

  • SHA512

    a0441e7e587a87b96947454e67fc89c476b2635028e412f7997e6e78b7f05eddc31dcf3c5e45baf5dad175ae3ed1b67c2a1fcdf73d802723f66f19d73a73b947

  • SSDEEP

    12288:fMrzy90JvN7H7EfwY9DU5iSD4FnUlnzhZ1Hl:cyAFH7EfL0p4uVzf

Malware Config

Extracted

Family

redline

Botnet

rodik

C2

193.233.20.23:4124

Attributes
  • auth_value

    59b6e22e7cfd9b5fa0c99d1942f7c85d
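The extracted C2 endpoint and the file hashes above are the actionable indicators in this report. The following Python script is an added example (not part of the sandbox report) that turns them into two checks a responder would run: hashing a suspect file and comparing it against the report's MD5/SHA1/SHA256, and scanning connection-log lines for traffic to the C2 host and port. The hashes and C2 address are copied from the report; the log format and the log lines themselves are constructed for illustration and are not the sandbox's own output. SSDEEP matching is omitted because it needs a non-standard-library module.

```python
"""IOC checks for the RedLine sample documented above.

Added example, not part of the sandbox report. File hashes and the C2
endpoint are copied from the report; the connection-log format and the
sample log lines below are constructed for illustration.
"""
import hashlib
import re

# IOCs copied from the report above.
SAMPLE_HASHES = {
    "md5": "689e6ca3bb2d7257438c22af8cfd9b29",
    "sha1": "119ff3a7c8fadfca6ae362702e15881c5b775fad",
    "sha256": "fa577a1c6bb4436ad22420a16c0d0f7e4a8064d5dc444479a36be7682f4c5903",
}
C2_HOST = "193.233.20.23"
C2_PORT = 4124


def hash_bytes(data):
    """Return md5/sha1/sha256 hex digests of an in-memory buffer."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def hash_file(path):
    """Return md5/sha1/sha256 hex digests of a file, read in 64 KiB chunks
    so large files do not need to be loaded into memory."""
    hashers = {name: hashlib.new(name) for name in SAMPLE_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matches_sample(digests):
    """Return the algorithms whose digest equals the report's value.
    Any single match is enough to tie the file to this sample."""
    return [name for name, value in digests.items()
            if SAMPLE_HASHES.get(name) == value.lower()]


# Constructed connection-log lines in a hypothetical format:
# "<timestamp> <src-ip> -> <dst-ip>:<dst-port> <proto>".
# Benign destination uses an RFC 5737 documentation address.
CONNECTION_LOG = """\
2024-11-05T10:14:02Z 10.0.0.15 -> 198.51.100.7:443 tcp
2024-11-05T10:14:07Z 10.0.0.15 -> 193.233.20.23:4124 tcp
2024-11-05T10:14:09Z 10.0.0.22 -> 193.233.20.23:80 tcp
2024-11-05T10:15:30Z 10.0.0.15 -> 193.233.20.23:4124 tcp
"""

LOG_RE = re.compile(
    r"^(\S+)\s+(\S+)\s+->\s+(\d{1,3}(?:\.\d{1,3}){3}):(\d+)\s+(\w+)")


def find_c2_connections(log_text, host=C2_HOST, port=C2_PORT):
    """Return (timestamp, source) for every line that reaches the exact
    C2 host:port from the report. Malformed lines are skipped."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ts, src, dst, dport, _proto = m.groups()
        if dst == host and int(dport) == port:
            hits.append((ts, src))
    return hits


def find_c2_hosts(log_text, host=C2_HOST):
    """Return the sorted set of internal hosts that contacted the C2
    address on any port. Broader than the exact-port check: operators
    rotate ports more often than addresses, so this is the first
    triage sweep, with the port-specific hits confirming the match."""
    hosts = set()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and m.group(3) == host:
            hosts.add(m.group(2))
    return sorted(hosts)


if __name__ == "__main__":
    print("exact C2 hits:", find_c2_connections(CONNECTION_LOG))
    print("hosts touching C2 address:", find_c2_hosts(CONNECTION_LOG))
```

Run `hash_file()` against a quarantined copy of the suspect binary and pass the result to `matches_sample()`; run the two log functions over your real connection or proxy logs once the regular expression is adapted to their format. Note that the report lists a single C2 endpoint for this build, so a clean log scan rules out only this configuration, not RedLine in general.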

Targets

    • Target

      fa577a1c6bb4436ad22420a16c0d0f7e4a8064d5dc444479a36be7682f4c5903

    • Size

      441KB

    • MD5

      689e6ca3bb2d7257438c22af8cfd9b29

    • SHA1

      119ff3a7c8fadfca6ae362702e15881c5b775fad

    • SHA256

      fa577a1c6bb4436ad22420a16c0d0f7e4a8064d5dc444479a36be7682f4c5903

    • SHA512

      a0441e7e587a87b96947454e67fc89c476b2635028e412f7997e6e78b7f05eddc31dcf3c5e45baf5dad175ae3ed1b67c2a1fcdf73d802723f66f19d73a73b947

    • SSDEEP

      12288:fMrzy90JvN7H7EfwY9DU5iSD4FnUlnzhZ1Hl:cyAFH7EfL0p4uVzf

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks