General

  • Target: 2fc316c43e01b78ed7d597dc57bf6bcd702f5ca062eb1ab0793a9e2ecd3a7505
  • Size: 440KB
  • Sample: 241105-fkc2tawbnm
  • MD5: a3e9e4819ddfb33954dea05082568faa
  • SHA1: 9a94d05595099db271179543ffd954c6426f4d7b
  • SHA256: 2fc316c43e01b78ed7d597dc57bf6bcd702f5ca062eb1ab0793a9e2ecd3a7505
  • SHA512: 5668a096b27af8dec765c6ed4a83f254d71ebd8d776a08ec6f8c5564be2259e5ac59f7d4c58ba99ae177458ace068b79c2e5d82502b1f0575815381538adffa3
  • SSDEEP: 6144:Kby+bnr+Dp0yN90QEH/XODku14VWPWmzn+jkBBy56WNLz9RAy0vS6tJZsRn:BMrfy909wNn+SBO6+My0vSiJZw

Malware Config

Extracted

  • Family: redline
  • Botnet: rodik
  • C2: 193.233.20.23:4124
  • Attributes
    • auth_value: 59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Redline family
    • Executes dropped EXE
    • Adds Run key to start application

MITRE ATT&CK Enterprise v15