General

  • Target

    8117c769f94ebf88525fc8c7b22ab9c5d8d72a0729b7ed1ca7fca823cadf2065

  • Size

    442KB

  • Sample

    241105-bwqd3ascmm

  • MD5

    d9ed2d6a35509b501d1d23fb86f3b145

  • SHA1

    f3e6e85671f103957adcc6ef6f23fd7add64b9bf

  • SHA256

    8117c769f94ebf88525fc8c7b22ab9c5d8d72a0729b7ed1ca7fca823cadf2065

  • SHA512

    f16d0a4d02f02b959e245b6a7b21071d1bd6a2e29e2789b6946f9dc98a4f2e05d1deee429f7e08d1a559baed96d61b74a91cfef7fc6c71d7d95a27045ad7a229

  • SSDEEP

    6144:KOy+bnr+ip0yN90QEMBEyWzP8Hao4s+9V6odP5B/d34Rbs94mp77Lip1e:GMrOy90a2yQIao4r6opPiRs94NPe

Malware Config

Extracted

  • Family

    redline

  • Botnet

    rodik

  • C2

    193.233.20.23:4124

Attributes
  • auth_value

    59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application
