General

  • Target: f02e954c82955b79a1b37693f4ecb01c4af65e74506bcef610feb8e87a5da503
  • Size: 440KB
  • Sample: 241105-hpb2esyrdp
  • MD5: 4325a8924362972f3d73ea0f083b02bf
  • SHA1: 83b18429732c4c6ab59c47df3764edd3429acba3
  • SHA256: f02e954c82955b79a1b37693f4ecb01c4af65e74506bcef610feb8e87a5da503
  • SHA512: a595f70caf23d8a936bd24e888b76fb6b4a74cf866463105e9140ec65043a510865b0cd0ecee4cbb1e50b9036338ce0e75156c6b759447d674f8b1d70f219e84
  • SSDEEP: 12288:9MrMy90jp7cO1Wt4uTY7mhTAFlj+jWSdPvBp:VyscO+4IcF+jx9

Malware Config

Extracted

  • Family: redline
  • Botnet: rodik
  • C2: 193.233.20.23:4124
  • Attributes
    • auth_value: 59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks