General

  • Target

    a6bc07876c9780542b6a1fb4b34ea4eda863f8e1527e66048461fe1669637ca0

  • Size

    442KB

  • Sample

    241105-fg587axmgn

  • MD5

    851898a111b5ff6c7564cee0f3b4fcab

  • SHA1

    6aec4b022698688eb06426b63992e72617152009

  • SHA256

    a6bc07876c9780542b6a1fb4b34ea4eda863f8e1527e66048461fe1669637ca0

  • SHA512

    651ba720f4e8448ae7e6b151237f3ec166faf5c7174c2d969a2b2dc8070fdae6ead86d97e2eb1fe53850496e4d096c261adce21608ab4697c73a9e96344d80d7

  • SSDEEP

    6144:Kcy+bnr+Ep0yN90QE5BEyWzP8Hao4s+9V6odP5B/d34Rbs949p64q14xhwM:EMr8y90n2yQIao4r6opPiRs94S4q1qT

Malware Config

Extracted

Family

redline

Botnet

rodik

C2

193.233.20.23:4124

Attributes

  • auth_value

    59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • Target

      a6bc07876c9780542b6a1fb4b34ea4eda863f8e1527e66048461fe1669637ca0

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks