General

  • Target

    d549e5b03c334264154835bd297349ea3e3483b3ead3ef1a2c0a1912f0846ca8

  • Size

    440KB

  • Sample

    241105-ct5awa1rfx

  • MD5

    53e21e5852a6559d875ccaef83077db5

  • SHA1

    bb59675f785fb037e8c52770ba5335dfe0b8344c

  • SHA256

    d549e5b03c334264154835bd297349ea3e3483b3ead3ef1a2c0a1912f0846ca8

  • SHA512

    c3e8141a3604f9ff5e1a440fc3648194b14f2cb5b0b36b6da7c08ddcec8b1aeadc150fc8e86ca67138a41b146ee158a777c339974b2dce45898527c8e710d0ea

  • SSDEEP

    12288:lMr6y90wgVReFeUM5uQ3s1nxinYWoKpzx9:LyJgDSpQc1nxsY9qF9

Malware Config

Extracted

Family

redline

Botnet

rodik

C2

193.233.20.23:4124

Attributes

  • auth_value

    59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • Target

      d549e5b03c334264154835bd297349ea3e3483b3ead3ef1a2c0a1912f0846ca8

    • Size

      440KB

    • MD5

      53e21e5852a6559d875ccaef83077db5

    • SHA1

      bb59675f785fb037e8c52770ba5335dfe0b8344c

    • SHA256

      d549e5b03c334264154835bd297349ea3e3483b3ead3ef1a2c0a1912f0846ca8

    • SHA512

      c3e8141a3604f9ff5e1a440fc3648194b14f2cb5b0b36b6da7c08ddcec8b1aeadc150fc8e86ca67138a41b146ee158a777c339974b2dce45898527c8e710d0ea

    • SSDEEP

      12288:lMr6y90wgVReFeUM5uQ3s1nxinYWoKpzx9:LyJgDSpQc1nxsY9qF9

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks