General

  • Target: 701657c2fd478b084c86ec999776beebf55c3db20bb23e954f5c249418cf28bb
  • Size: 442KB
  • Sample: 241105-favh4stqdv
  • MD5: a8c38446ec302d147c6650e3d9be638f
  • SHA1: bb98cac4b11a180a4e6ad99c661b5889f56b4680
  • SHA256: 701657c2fd478b084c86ec999776beebf55c3db20bb23e954f5c249418cf28bb
  • SHA512: 78cf0aa651ff0ad2a10078bcfa88c1838b579b9434dc1527071b399664179330f423eeb212e5f7ca43809130e9a39ea1ac6b8307048ece8b7392a8e5b0de7f34
  • SSDEEP: 12288:JMr+y90/2yQIao4r6opPiRs94S4q1Vcd:7yC2ytUpd4qO

Malware Config

Extracted

  • Family: redline
  • Botnet: rodik
  • C2: 193.233.20.23:4124
  • Attributes
    • auth_value: 59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks