General

  • Target

    3c030572412f9179031d5b0f77a784ec60eb24d75407c04558a429dce0b0b9a5

  • Size

    442KB

  • Sample

    241105-gefq7awfrl

  • MD5

    218303fd7d733ff985f814f2e734938c

  • SHA1

    cd7c49366bc2502fc123e86d0c7f0670b768ccee

  • SHA256

    3c030572412f9179031d5b0f77a784ec60eb24d75407c04558a429dce0b0b9a5

  • SHA512

    98247628ef2d072860a38603b9bd12b665be0c9eaff215fad2ea130553deffad75e2d4a51f37b79cd1457f6c897f120793d871fa21b039af228993df05491c3b

  • SSDEEP

    6144:Kvy+bnr+yp0yN90QEZBEyWzP8Hao4s+9V6odP5B/d34Rbs949p64q14xjw2:pMrOy90j2yQIao4r6opPiRs94S4q1QF

Malware Config

Extracted

  • Family

    redline

  • Botnet

    rodik

  • C2

    193.233.20.23:4124

  • Attributes

    auth_value: 59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks