General

  • Target

    ffac52e0895b0806520ab4b7b6358d904bfee7119ef5121fb39d270c34ae291e

  • Size

    433KB

  • Sample

    241106-1l8kbsxpav

  • MD5

    5617eed799945c8cdf70011768c2bbff

  • SHA1

    09bbab93cb5188676d7b0c847ca4eae1fdc9236c

  • SHA256

    ffac52e0895b0806520ab4b7b6358d904bfee7119ef5121fb39d270c34ae291e

  • SHA512

    ace3f81eb8269fa44e32716b405ae1a21a07e479239d4fafd89c762a2010a9a21975a01c9d5a1e670751ab065c546a56da946cc67a758401cb3b01a26b30a203

  • SSDEEP

    12288:jMr2y90OWCWbxy59C7a3Y3PfMLFROcwLW:hypWCWbsrC7a3YffM5RNP

Malware Config

Extracted

Family

redline

Botnet

rodik

C2

193.233.20.23:4124

Attributes

  • auth_value

    59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks