General

  • Target

    fc508838d7c4d4cb7f556e0abb6c4b8cd9735caa2f37e1ebdf8fead538d15629

  • Size

    441KB

  • Sample

    241106-3b6dbszfnf

  • MD5

    552f044b03afdee17841f80be40876ea

  • SHA1

    8b756f60618a337f3f826b8631083c6f5236a9cd

  • SHA256

    fc508838d7c4d4cb7f556e0abb6c4b8cd9735caa2f37e1ebdf8fead538d15629

  • SHA512

    42671150f09370bad3c7bf97f6372888b1dd7dbbb5b29dfc40b3d07903c72e74b341c3d91b99191ba28759bb63cc2977d42d15cdddce3d1c01a7289b3a3d5bab

  • SSDEEP

    12288:NMrWy90nfxfEASjtv3p+2wj25s5hBYQal4:jyExfEJojIeYQal4

Malware Config

Extracted

  • Family

    redline

  • Botnet

    rodik

  • C2

    193.233.20.23:4124

  • Attributes

    auth_value: 59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks