General

  • Target

    a718a5d7c9207553779f44b9fcc320c7f18419c772d455f20067d189fa7f24e3

  • Size

    433KB

  • Sample

    241105-h5j2zawne1

  • MD5

    a076a123707a47ce8eb9c1fd77cc1919

  • SHA1

    47fe19da7f1043a6ae838cf4b8f311fc814edfbe

  • SHA256

    a718a5d7c9207553779f44b9fcc320c7f18419c772d455f20067d189fa7f24e3

  • SHA512

    8eb951bc6667033aee657e10406110005de3272e152c22466aa0734ab0e8b9b010a9307c47b2ee2c6eba54444dbc34e2d00bde4aec5ec7345a2e96d182392f6c

  • SSDEEP

    12288:WMrOy90c78bm8q4pif/DdRm19HgnHkX00n:Yy8mX7Dd0XAEkK

Malware Config

Extracted

Family

redline

Botnet

rodik

C2

193.233.20.23:4124

Attributes

  • auth_value

    59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15