General

  • Target

    4b9ef6b4325976333d155f876485e430563aa704410b3bc06ab5b5d56768687b

  • Size

    442KB

  • Sample

    241105-h9h1gawpcw

  • MD5

    476b1395ee4df17a6fb3c2d15caf064c

  • SHA1

    a836b898b99760b2de9a6ae9e7d78bf240dc8e60

  • SHA256

    4b9ef6b4325976333d155f876485e430563aa704410b3bc06ab5b5d56768687b

  • SHA512

    7908327590e621f435f4020bac51c2664a4243a20d35b703aeca4a3191684f03306213fecc2eb94d21450b118657f05c16f9f52a77904c003cdf7e8491c1be57

  • SSDEEP

    6144:Kay+bnr+Kp0yN90QEsev+dIikioG/Zj/fmLLL7kOJnkNqxdIF6lGaAw6DyEvAer+:qMray902TkioGhaL/Bk6eEVD6DTAM67

Malware Config

Extracted

  • Family

    redline

  • Botnet

    rodik

  • C2

    193.233.20.23:4124

  • Attributes

    auth_value: 59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks