General

  • Target

    d8db69c6013f2f96b70cd685c3adc974b4ad02848deef0ada0fa6f239f077c6b

  • Size

    433KB

  • Sample

    241106-p9qhwazlbs

  • MD5

    9a3da390ffb0558b0fe48b02eb861a8f

  • SHA1

    d9b2fe78efab0a9d383530f89975da7f3f20ff00

  • SHA256

    d8db69c6013f2f96b70cd685c3adc974b4ad02848deef0ada0fa6f239f077c6b

  • SHA512

    96af7bf14ef21b7d10e5fd7abbfc4b2dfe6de97465f0f03b97d61c46bd48d34d3b4e7c54108a28dd7e4cff671cfd52df28fbf5c25987e9341a884d837acce497

  • SSDEEP

    6144:KQy+bnr+yp0yN90QEVQ0WHWC+dbx1A59C7ai4Y3HaBWAeDMLu5/z8mSCQ:cMrWy90oWCWbxy59C7a3Y3PfMLmWCQ

Malware Config

Extracted

Family

redline

Botnet

rodik

C2

193.233.20.23:4124

Attributes

  • auth_value

    59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application
