General

  • Target

    05ac241afe67ee15a7782e5f0dfdc90549c11f4b886709e6a20040eff9dbca3e

  • Size

    442KB

  • Sample

    241105-f79djavmcy

  • MD5

    cff7bc1d5d5eee363cea28521368d92f

  • SHA1

    dbaa55c234e40f628b2bcca4d8e274ae739ef8c2

  • SHA256

    05ac241afe67ee15a7782e5f0dfdc90549c11f4b886709e6a20040eff9dbca3e

  • SHA512

    dba74611bfbfb0d49ecd21e6607ac64536bf696e2e0f23d6c826c91a33b5de0e5bf2be96194028525c8b5ef69bf7bc6dbc64659d526f95274b92b183f85ef1ec

  • SSDEEP

    12288:RMrgy909YvwOKVpKDWU3ZAKSeAB40Nau:hyrI9VkDLAK730Nau

Malware Config

Extracted

Family

redline

Botnet

rodik

C2

193.233.20.23:4124

Attributes

  • auth_value

    59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks