General

  • Target

    0167b55d605562dc958190e9015efe9eab62f290018486d75290883c1e8c0c7d

  • Size

    442KB

  • Sample

    241105-kb466axkft

  • MD5

    8af471110b3e41433971d9d8c8501732

  • SHA1

    639b36328b904be4d7ae4a2e581ba1c82ffa2b1e

  • SHA256

    0167b55d605562dc958190e9015efe9eab62f290018486d75290883c1e8c0c7d

  • SHA512

    e2d26326fde53266bf0fbbf0b194aaee541384a1fd037d6f9ce147c1519f17f64631696610cd50dc5d1a9e04b82e8c9712b8b29b6931d01e8841952026717778

  • SSDEEP

    6144:Kdy+bnr+wp0yN90QEpiEeLKBWtC8J+/9mb1YbUGrWBWaPzcmWljhLELvq/I/:jMroy909jz8dabLrW4Mm6SQ/

Malware Config

Extracted

Family

redline

Botnet

rodik

C2

193.233.20.23:4124

Attributes

  • auth_value

    59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • Target

      0167b55d605562dc958190e9015efe9eab62f290018486d75290883c1e8c0c7d

    • Size

      442KB

    • MD5

      8af471110b3e41433971d9d8c8501732

    • SHA1

      639b36328b904be4d7ae4a2e581ba1c82ffa2b1e

    • SHA256

      0167b55d605562dc958190e9015efe9eab62f290018486d75290883c1e8c0c7d

    • SHA512

      e2d26326fde53266bf0fbbf0b194aaee541384a1fd037d6f9ce147c1519f17f64631696610cd50dc5d1a9e04b82e8c9712b8b29b6931d01e8841952026717778

    • SSDEEP

      6144:Kdy+bnr+wp0yN90QEpiEeLKBWtC8J+/9mb1YbUGrWBWaPzcmWljhLELvq/I/:jMroy909jz8dabLrW4Mm6SQ/

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15