General

  • Target

    08d5eb732883b4abd0bcbeacd875c0d58a4086ed95f307b435e8f3d910bfed41

  • Size

    440KB

  • Sample

    241106-r5bv2asfmr

  • MD5

    f12664a2a5e0158917243df3463a5dfb

  • SHA1

    bd0b20c0be993aebe83db8cd455107d7c6bbe941

  • SHA256

    08d5eb732883b4abd0bcbeacd875c0d58a4086ed95f307b435e8f3d910bfed41

  • SHA512

    ce4b60f8cac7c4a6c3b83c0845c5a09b59a9e00491244a05e91228afaccc6a0705601599e992a6589efac35483be9219e20281b85350d20f580bad5739adf14a

  • SSDEEP

    6144:KQy+bnr+dp0yN90QEnwyfkS8XvrLCeoXfjiM0PVd+jkt5y+52VXjHGGZ4GORecAV:4Mrpy90mCztPjiOktZ0VXjHTZ41cftH

Malware Config

Extracted

Family

redline

Botnet

rodik

C2

193.233.20.23:4124

Attributes

  • auth_value

    59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks