General

  • Target

    5c81a05d7bdb01bbd865aa2ee19ce790ef3bb2600ec4f6c465e041b42775ea92

  • Size

    435KB

  • Sample

    241105-kbx3vaxkez

  • MD5

    c556a2544d6c3e98eb38b2a68d38f20c

  • SHA1

    c700e46760592fd7631a7bd70b852ccd3ee5f876

  • SHA256

    5c81a05d7bdb01bbd865aa2ee19ce790ef3bb2600ec4f6c465e041b42775ea92

  • SHA512

    681115527c03a983e8a4b9e1a89287a4c99335a4365785007b617e84a170d28bb586eca484499d53c9c83245c8c87a73201fb3d02d95c7ec46ef9844392b41ce

  • SSDEEP

    12288:JMrey90Fz7+yhqiE4DKjtRkJQY0jX03yaQ:ry22gqnRjtRkJX0Y3y7

Malware Config

Extracted

Family

redline

Botnet

rodik

C2

193.233.20.23:4124

Attributes

  • auth_value

    59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks