General

  • Target

    f6206ce48d857ef0f2bba1740ce5f3432294417bc4c8f7ed063e133fec25885d

  • Size

    442KB

  • Sample

    241105-kjw6hsyepk

  • MD5

    8757237e67c16b07ebe0f0fdfa7f37de

  • SHA1

    3541687a673b3278a5e5ad1bba81fe9729c36fc6

  • SHA256

    f6206ce48d857ef0f2bba1740ce5f3432294417bc4c8f7ed063e133fec25885d

  • SHA512

    78a5880558b01ed0417f676549e2caeba0308546f1628d0dd92f3afb5746b79975613fc3c13c3b7a50a223853855f5221febe2e0fff6fc0c7be074331e583e9a

  • SSDEEP

    6144:KWy+bnr+xp0yN90QE0YNAIwIxpdfMQmVtgKZw8KDWClmo3AIoKEiBwajoKSB6SsR:CMrFy90SYvwOKVpKDWU3ZAKSDzTvQ

Malware Config

Extracted

  • Family

    redline

  • Botnet

    rodik

  • C2

    193.233.20.23:4124

  • Attributes

    auth_value: 59b6e22e7cfd9b5fa0c99d1942f7c85d
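The extracted configuration and the file digests above, turned into checks a defender can run, as an added example written for this page (not the sandbox's tooling and not code from the sample): recompute all four digests of a local file and compare them with the reported ones, split the C2 entry into host and port, and emit a Suricata rule plus a flat IOC list from it. The Suricata sid and msg text, the `REPORT` dict layout and the stand-in bytes used in the usage section are assumptions; only the hash, botnet, C2 and auth_value strings come from the report.

```python
"""Defender-side checks derived from the RedLine report values.
Illustrative helper code, not from the sandbox or the RedLine family.
"""
import hashlib
import json

# Values copied from the report; the dict layout itself is an assumption.
REPORT = {
    "family": "redline",
    "botnet": "rodik",
    "c2": ["193.233.20.23:4124"],
    "auth_value": "59b6e22e7cfd9b5fa0c99d1942f7c85d",
    "hashes": {
        "md5": "8757237e67c16b07ebe0f0fdfa7f37de",
        "sha1": "3541687a673b3278a5e5ad1bba81fe9729c36fc6",
        "sha256": "f6206ce48d857ef0f2bba1740ce5f3432294417bc4c8f7ed063e133fec25885d",
        "sha512": "78a5880558b01ed0417f676549e2caeba0308546f1628d0dd92f3afb5746b79975613fc3c13c3b7a50a223853855f5221febe2e0fff6fc0c7be074331e583e9a",
    },
}


def file_digests(data: bytes) -> dict:
    """Compute the four digests the report lists for bytes already in memory."""
    return {algo: hashlib.new(algo, data).hexdigest()
            for algo in ("md5", "sha1", "sha256", "sha512")}


def verify_sample(data: bytes, expected: dict) -> dict:
    """Compare computed digests with expected ones, per algorithm.

    Any False means this is not the reported file; sha256 is the one to
    trust if only one algorithm is available from the other side.
    """
    actual = file_digests(data)
    return {algo: actual[algo] == expected[algo].lower() for algo in expected}


def parse_c2(entry: str) -> tuple:
    """Split 'host:port' as the report formats it; reject malformed ports."""
    host, sep, port = entry.rpartition(":")
    if not sep or not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError(f"bad C2 entry: {entry!r}")
    return host, int(port)


def suricata_rule(entry: str, sid: int) -> str:
    """Build a Suricata rule alerting on outbound TCP to the C2.

    The sid, msg text and classtype are local choices (assumptions), not
    values taken from the report.
    """
    host, port = parse_c2(entry)
    return (f'alert tcp $HOME_NET any -> {host} {port} '
            f'(msg:"RedLine C2 botnet {REPORT["botnet"]}"; flow:to_server; '
            f'reference:md5,{REPORT["hashes"]["md5"]}; '
            f'classtype:trojan-activity; sid:{sid}; rev:1;)')


def indicators(report: dict) -> list:
    """Flatten the report into {type, value} IOCs for a blocklist or SIEM."""
    iocs = [{"type": algo, "value": h} for algo, h in report["hashes"].items()]
    for entry in report["c2"]:
        host, port = parse_c2(entry)
        iocs.append({"type": "ipv4-addr", "value": host})
        iocs.append({"type": "socket", "value": f"{host}:{port}"})
    return iocs


if __name__ == "__main__":
    # Constructed stand-in bytes; the real sample is not embedded here, so
    # every digest comparison below is expected to come back False.
    fake = b"MZ" + b"\x00" * 64
    print(json.dumps(verify_sample(fake, REPORT["hashes"])))
    print(suricata_rule(REPORT["c2"][0], sid=9000001))
    print(json.dumps(indicators(REPORT), indent=1))
```

Run it against the real file by replacing `fake` with the file's bytes; a 442KB sample fits in memory, so there is no need for chunked hashing here. The rule matches on destination IP and port only, which is all the report gives; if the C2 moves, the hash-based IOCs stay valid but the network rule does not.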

Targets

    • Target

      f6206ce48d857ef0f2bba1740ce5f3432294417bc4c8f7ed063e133fec25885d

    • Size

      442KB

    • MD5

      8757237e67c16b07ebe0f0fdfa7f37de

    • SHA1

      3541687a673b3278a5e5ad1bba81fe9729c36fc6

    • SHA256

      f6206ce48d857ef0f2bba1740ce5f3432294417bc4c8f7ed063e133fec25885d

    • SHA512

      78a5880558b01ed0417f676549e2caeba0308546f1628d0dd92f3afb5746b79975613fc3c13c3b7a50a223853855f5221febe2e0fff6fc0c7be074331e583e9a

    • SSDEEP

      6144:KWy+bnr+xp0yN90QE0YNAIwIxpdfMQmVtgKZw8KDWClmo3AIoKEiBwajoKSB6SsR:CMrFy90SYvwOKVpKDWU3ZAKSDzTvQ

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application
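The "Adds Run key to start application" signature describes persistence through the Windows Run keys but the report does not give the value name or path the sample wrote, so the following added example (illustrative code for this page, not the sandbox's logic) generalizes the check: it parses `reg query` style text for the HKCU and HKLM Run keys and flags any value whose executable lives outside the usual trusted directories. The registry output embedded below is constructed, and the trusted-directory list is an assumption to tune per environment.

```python
"""Flag Run-key autostart entries that point at user-writable locations.
Illustrative triage helper, not from the sandbox or the RedLine sample;
the registry text below is constructed, not captured from this sample.
"""
import re

RUN_KEYS = (
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run",
)

# Where legitimate autostart binaries normally live (assumption; tune locally).
TRUSTED_DIRS = (r"c:\program files", r"c:\program files (x86)", r"c:\windows")

# Constructed `reg query` style output with one benign entry per hive and
# one entry under AppData of the kind a dropped stealer payload would add.
SAMPLE_OUTPUT = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background
    Updater     REG_SZ    C:\Users\victim\AppData\Roaming\svc\update.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
"""

# One value line: indented name, REG_* type, then the data to end of line.
_VALUE_RE = re.compile(r"^\s+(?P<name>\S+)\s+(?P<type>REG_\w+)\s+(?P<data>.+?)\s*$")


def parse_run_values(text: str) -> list:
    """Return [(key, value_name, data)] for every value under a Run key."""
    entries, current_key = [], None
    for line in text.splitlines():
        if line.strip() in RUN_KEYS:
            current_key = line.strip()
            continue
        m = _VALUE_RE.match(line)
        if m and current_key:
            entries.append((current_key, m["name"], m["data"]))
    return entries


def image_path(data: str) -> str:
    """Extract the executable path from a Run value's command line."""
    data = data.strip()
    if data.startswith('"'):
        return data[1:data.find('"', 1)]
    return data.split(" ")[0]


def suspicious_run_values(text: str) -> list:
    """Flag Run values whose binary is outside TRUSTED_DIRS (AppData, Temp, ...)."""
    findings = []
    for key, name, data in parse_run_values(text):
        path = image_path(data).lower().replace("%windir%", r"c:\windows")
        if not path.startswith(TRUSTED_DIRS):
            findings.append({"key": key, "name": name, "image": image_path(data)})
    return findings


if __name__ == "__main__":
    for finding in suspicious_run_values(SAMPLE_OUTPUT):
        print(finding)
```

On a live host, feed it the output of `reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Run"` and the HKLM equivalent; a trusted path is only a weak signal of legitimacy, so any flagged image is worth hashing and comparing with the digests in this report.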

MITRE ATT&CK Enterprise v15

Tasks