General

  • Target

    435ac88803c8f59d9793ee92d8ff5aa56756bf2700300b0b59ae72eab722c155

  • Size

    442KB

  • Sample

    241105-gtdkdaymcr

  • MD5

    907f1b666bc8e36d7fce5ee3de427e4e

  • SHA1

    edda62631d243d97e39d52e3e7d78141c17136c1

  • SHA256

    435ac88803c8f59d9793ee92d8ff5aa56756bf2700300b0b59ae72eab722c155

  • SHA512

    f6ab594057d08b70f39981be7a2af0fca9478260ac56794be8c615f114f223c6230e0ea39fd61c95fd3de66582e942a1da1f71af681f29c536f95adf720b3eba

  • SSDEEP

    6144:KVy+bnr+jp0yN90QEhYNAIwIxpdfMQmVtgKZw8KDWClmo3AIoKEiBwajoKSB6ugb:nMrDy903YvwOKVpKDWU3ZAKSeAB40Y

Malware Config

Extracted

  • Family

    redline

  • Botnet

    rodik

  • C2

    193.233.20.23:4124

  • Attributes

    auth_value: 59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks