General

  • Target

    3ae6345b82a552c303571b0028052172b1562f2c6f0ec81a8342ce7f75cbb1f0

  • Size

    441KB

  • Sample

    241106-2zs78sskdr

  • MD5

    29e37a90a7572b3fa8b324293ceaecfa

  • SHA1

    737952af5fbf451942351dc0938f6a58e01ce1eb

  • SHA256

    3ae6345b82a552c303571b0028052172b1562f2c6f0ec81a8342ce7f75cbb1f0

  • SHA512

    e4b92bcd993ca30196033f89fe5c7ab59f9592e79e8b0ea3fa11fdd12e2c90907627305d1b4481662eff45559a78aa75bc45823900a9ea1e1ae7c006b177df9e

  • SSDEEP

    6144:Kty+bnr+Jp0yN90QEYGYRDrn52gmMxkARcAZNYz3C2IOO5cA0FhcnytE93PrL/iE:rMrBy90aGCDdsmZI3E5QNE93PrjiE

Malware Config

Extracted

Family

redline

Botnet

rodik

C2

193.233.20.23:4124

Attributes
  • auth_value

    59b6e22e7cfd9b5fa0c99d1942f7c85d
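The extracted configuration above gives two kinds of indicator a responder can pivot on immediately: the sample's file hashes and the C2 endpoint 193.233.20.23:4124. The following is an added example (not code from the sandbox report or the RedLine family itself) that checks an EDR hash inventory or raw file bytes against the report's hashes and scans connection-log lines for the C2. The log line format and the sample lines are constructed for the example; the `auth_value` and botnet name are not network-observable and so are not matched here.

```python
import hashlib
import re
from typing import Dict, Iterable, List

# Indicators copied from the sandbox report above (RedLine, botnet "rodik").
REPORT_HASHES: Dict[str, str] = {
    "md5": "29e37a90a7572b3fa8b324293ceaecfa",
    "sha1": "737952af5fbf451942351dc0938f6a58e01ce1eb",
    "sha256": "3ae6345b82a552c303571b0028052172b1562f2c6f0ec81a8342ce7f75cbb1f0",
}
C2_HOST = "193.233.20.23"
C2_PORT = 4124


def match_digests(digests: Dict[str, str]) -> List[str]:
    """Return the algorithms under which a precomputed digest set (e.g. from an
    EDR file inventory) equals the report's sample. Comparison is case-insensitive
    and ignores algorithms the report does not list."""
    return [
        algo
        for algo, value in digests.items()
        if algo in REPORT_HASHES and value.lower() == REPORT_HASHES[algo]
    ]


def match_hashes(data: bytes) -> List[str]:
    """Hash raw file bytes with all three report algorithms and compare."""
    digests = {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}
    return match_digests(digests)


# Assumed (constructed) connection-log format, not from the report:
#   "<timestamp> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <proto>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+) -> "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)"
)


def find_c2_connections(lines: Iterable[str], port_sensitive: bool = True) -> List[dict]:
    """Flag connections to the C2. With port_sensitive=False any connection to the
    C2 host is reported, which catches operators that rotate the port but keep the
    server; lines that do not parse are skipped rather than raising."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["dst"] != C2_HOST:
            continue
        if port_sensitive and int(m["dport"]) != C2_PORT:
            continue
        hits.append({"ts": m["ts"], "src": m["src"], "sport": int(m["sport"]),
                     "dport": int(m["dport"])})
    return hits


# Constructed sample log lines for demonstration only.
SAMPLE_LOG = [
    "2024-11-06T21:14:03Z 10.0.0.12:49811 -> 193.233.20.23:4124 tcp",
    "2024-11-06T21:14:05Z 10.0.0.12:49812 -> 142.250.74.78:443 tcp",
    "2024-11-06T21:15:40Z 10.0.0.7:51020 -> 193.233.20.23:443 tcp",
    "not a log line",
]

if __name__ == "__main__":
    print(match_digests({"sha256": REPORT_HASHES["sha256"]}))
    print(match_hashes(b"some unrelated file content"))
    for hit in find_c2_connections(SAMPLE_LOG, port_sensitive=False):
        print(hit)
```

One matching algorithm is enough to confirm the sample, since all three digests describe the same file; when the only telemetry available is MD5, treat a match as a strong lead rather than proof, because MD5 collisions are practical. Fuzzy matching on the SSDEEP value above needs the ssdeep library and is not shown here.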

Targets

    • RedLine

      RedLine Stealer is an information-stealing malware family written in C# that first appeared in early 2020; it harvests browser credentials, cookies and similar data and reports to a configured C2 such as the one extracted above.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks