General

  • Target

    9847a5fc1cc63a44cbce7965d1dcd981bffb1010a3b6f310dc43aa38c1ee451d

  • Size

    440KB

  • Sample

    241105-dz82pathpr

  • MD5

    bfbf85326777e629ccb8749a06954256

  • SHA1

    ed2978d311e0d2dc0cbbc9b900323d649089aa06

  • SHA256

    9847a5fc1cc63a44cbce7965d1dcd981bffb1010a3b6f310dc43aa38c1ee451d

  • SHA512

    4ce854c8fe127de308b74a33f93e104e57fb58bef81ab381bc99aacc32917404ea98fd7894354dc53cc79f12e51c4977345ed6e7b9408bf41965e6ec21b5fdef

  • SSDEEP

    12288:yMryy90Np7cO1Wt4uTY7mhTAFlj+jWSdPvB0:4yOcO+4IcF+jxw

Malware Config

Extracted

  • Family

    redline

  • Botnet

    rodik

  • C2

    193.233.20.23:4124

  • Attributes

    auth_value: 59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15