General

  • Target

    f838052f632fb0126c31d2341bfd87ab98f0fa7701001871ce05de6d61bce470

  • Size

    441KB

  • Sample

    241106-p9y51s1aka

  • MD5

    e281db518c0103222be8f993d7c069de

  • SHA1

    cedaa19297d3ae2112dea0c9f3d89db1010708ac

  • SHA256

    f838052f632fb0126c31d2341bfd87ab98f0fa7701001871ce05de6d61bce470

  • SHA512

    4c6bfae3a1f99bc5b3f7072bb8204dd368875faea0f5bd713d9b562c2be049c6f7f1edb88fb113c9e9f11e21d8585b971b5938cacb6997192b2470755867ec2c

  • SSDEEP

    12288:RMr4y902fxfEASjtv3p+2wj25s5hBYQaqjS:dy5xfEJojIeYQaqu

Malware Config

Extracted

Family

redline

Botnet

rodik

C2

193.233.20.23:4124

Attributes

  • auth_value

    59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks