General

  • Target

    816a7654a98b7660213f55ee1bee70feb66f99cae1206ddf4a96308f20b756d6

  • Size

    433KB

  • Sample

    241105-kt7d8sxnc1

  • MD5

    b4904a884ea49f34dbed348cd823cc61

  • SHA1

    c4b42fb7be6b43929dd4c58b20959a458598f39d

  • SHA256

    816a7654a98b7660213f55ee1bee70feb66f99cae1206ddf4a96308f20b756d6

  • SHA512

    b5afa95cfeffe2e2b56b86eb995d19d694e7667b9ab19c3351b19af92207d441ad949adf0742c3daa1336e7a6a3d62f2a9825fc8e3514a58e5661b2a47738f2f

  • SSDEEP

    12288:CMrry90h78bm8q4pif/DdRm19HgnHkXO05WF:5yfmX7Dd0XAE+oW

Malware Config

Extracted

Family

redline

Botnet

rodik

C2

193.233.20.23:4124

Attributes

  • auth_value

    59b6e22e7cfd9b5fa0c99d1942f7c85d
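The extracted configuration above is what a defender actually acts on: the C2 socket becomes a network signature, and the hashes become file indicators. As an added example (not part of the sandbox report), the following Python turns the C2 from this report into a Suricata rule and hunts for connections to it in Zeek conn.log-style records. The conn.log lines are constructed for illustration, not captured traffic; the column order follows Zeek's standard conn.log layout.

```python
"""Hunt for the RedLine C2 extracted above in connection logs.

The C2, Botnet and auth_value come from the report; the conn.log records
below are constructed for illustration, not captured traffic.
"""
import ipaddress
from dataclasses import dataclass

C2 = "193.233.20.23:4124"                          # from the report's Malware Config
BOTNET = "rodik"                                    # from the report
AUTH_VALUE = "59b6e22e7cfd9b5fa0c99d1942f7c85d"    # from the report


@dataclass(frozen=True)
class C2Endpoint:
    host: str
    port: int


def parse_c2(value: str) -> C2Endpoint:
    """Split 'host:port' and validate both halves.

    rpartition keeps this correct for unbracketed IPv6 literals too.
    """
    host, sep, port = value.rpartition(":")
    if not sep:
        raise ValueError(f"no port in C2 value: {value!r}")
    ipaddress.ip_address(host)                      # ValueError if host is not an IP
    port_num = int(port)
    if not 0 < port_num < 65536:
        raise ValueError(f"port out of range: {port_num}")
    return C2Endpoint(host, port_num)


def suricata_rule(c2: C2Endpoint, sid: int) -> str:
    """Emit a Suricata rule for established outbound connections to the C2 socket."""
    return (
        f"alert tcp $HOME_NET any -> {c2.host} {c2.port} "
        f'(msg:"RedLine Stealer C2 connection (botnet {BOTNET})"; '
        "flow:to_server,established; classtype:trojan-activity; "
        f"sid:{sid}; rev:1;)"
    )


# Zeek conn.log column order (TSV), first seven fields.
CONN_FIELDS = ("ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p", "proto")


def find_c2_connections(conn_log: str, c2: C2Endpoint) -> list[dict]:
    """Return conn.log records whose responder is exactly the C2 host and port over TCP."""
    hits = []
    for line in conn_log.splitlines():
        if not line or line.startswith("#"):        # skip Zeek header lines
            continue
        cols = line.split("\t")
        if len(cols) < len(CONN_FIELDS):
            continue
        rec = dict(zip(CONN_FIELDS, cols))
        if (rec["id.resp_h"] == c2.host
                and rec["id.resp_p"] == str(c2.port)
                and rec["proto"] == "tcp"):
            hits.append(rec)
    return hits


# Constructed sample records: one beacon to the C2, one benign HTTPS flow,
# and one connection to the C2 host on a different port (must not match).
SAMPLE_CONN_LOG = "\n".join([
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto",
    "1730800000.1\tCabc1\t10.0.0.15\t49812\t193.233.20.23\t4124\ttcp",
    "1730800001.2\tCabc2\t10.0.0.15\t49813\t142.250.74.14\t443\ttcp",
    "1730800002.3\tCabc3\t10.0.0.22\t49814\t193.233.20.23\t80\ttcp",
])


def main() -> None:
    c2 = parse_c2(C2)
    print(suricata_rule(c2, sid=9000001))
    for rec in find_c2_connections(SAMPLE_CONN_LOG, c2):
        print(f"{rec['id.orig_h']} -> {rec['id.resp_h']}:{rec['id.resp_p']} (uid {rec['uid']})")


if __name__ == "__main__":
    main()
```

The match is deliberately exact on host, port and protocol: RedLine operators reuse hosting, so a rule keyed on the IP alone would also fire on unrelated services on that box, and the port from the extracted config is the part that ties traffic to this build.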

Targets

    • Target

      816a7654a98b7660213f55ee1bee70feb66f99cae1206ddf4a96308f20b756d6

    • Size

      433KB

    • MD5

      b4904a884ea49f34dbed348cd823cc61

    • SHA1

      c4b42fb7be6b43929dd4c58b20959a458598f39d

    • SHA256

      816a7654a98b7660213f55ee1bee70feb66f99cae1206ddf4a96308f20b756d6

    • SHA512

      b5afa95cfeffe2e2b56b86eb995d19d694e7667b9ab19c3351b19af92207d441ad949adf0742c3daa1336e7a6a3d62f2a9825fc8e3514a58e5661b2a47738f2f

    • SSDEEP

      12288:CMrry90h78bm8q4pif/DdRm19HgnHkXO05WF:5yfmX7Dd0XAE+oW

    • RedLine

      RedLine Stealer is an information-stealing malware family written in C# (.NET), first seen in early 2020 and sold as a subscription service on underground forums. It harvests browser credentials, cookies and autofill data, cryptocurrency wallets and host information, and the Botnet ID and auth_value in the extracted config above are the values this build presents to its C2.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application
