General

  • Target

    6a7a18fb24242dcf40ecf839a1d37b8574161739afc6736276f6b06a1b1a4706

  • Size

    442KB

  • Sample

    241105-ckg4zsscmb

  • MD5

    c68d15a46562eca05f627a3586593960

  • SHA1

    d6d73397957611b91a146e18fe935963c458a51d

  • SHA256

    6a7a18fb24242dcf40ecf839a1d37b8574161739afc6736276f6b06a1b1a4706

  • SHA512

    df2e97fc53a5e8182baf5a33642c78bf89c6159edbc925948ae4166e41ab904ffaf226dff3d2bf00cb6c7dd5d7c03e38c1ede72cc98685409ddb20025305d867

  • SSDEEP

    6144:Koy+bnr+Ap0yN90QEMiEeLKBWtC8J+/9mb1YbUGrWBWaPzcmWlohlN8rm:MMrMy900jz8dabLrW4MhV8rm

Malware Config

Extracted

  • Family

    redline

  • Botnet

    rodik

  • C2

    193.233.20.23:4124

  • Attributes

    auth_value: 59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • Target

      6a7a18fb24242dcf40ecf839a1d37b8574161739afc6736276f6b06a1b1a4706

    • Size

      442KB

    • MD5

      c68d15a46562eca05f627a3586593960

    • SHA1

      d6d73397957611b91a146e18fe935963c458a51d

    • SHA256

      6a7a18fb24242dcf40ecf839a1d37b8574161739afc6736276f6b06a1b1a4706

    • SHA512

      df2e97fc53a5e8182baf5a33642c78bf89c6159edbc925948ae4166e41ab904ffaf226dff3d2bf00cb6c7dd5d7c03e38c1ede72cc98685409ddb20025305d867

    • SSDEEP

      6144:Koy+bnr+Ap0yN90QEMiEeLKBWtC8J+/9mb1YbUGrWBWaPzcmWlohlN8rm:MMrMy900jz8dabLrW4MhV8rm

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks