General

  • Target

    18a3e9de5a17119fbfb0de79ea53dad9e3119e12cc0f3981d609432939e6c56a

  • Size

    441KB

  • Sample

    241106-rdpykstncm

  • MD5

    463d5f914cf49c8e6387f36854b561c6

  • SHA1

    324a51e6c6846b0480ff86545e360d2aae5ae0ce

  • SHA256

    18a3e9de5a17119fbfb0de79ea53dad9e3119e12cc0f3981d609432939e6c56a

  • SHA512

    10c643bc251b171b7dbae007f3a2e72d5ddaebedc1524d1a1ea30a88b169194eedfc0c6feccb0d36a785e83d082c488832cf5bf5b828203f8c3ffe5fc547d54d

  • SSDEEP

    12288:NMrSy90+fxfEASjtv3p+2wj25s5hBYQalk:HyxxfEJojIeYQalk

Malware Config

Extracted

  • Family

    redline

  • Botnet

    rodik

  • C2

    193.233.20.23:4124

  • Attributes

    auth_value: 59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15