General

  • Target

    7f894c2b8dd5ca9ee1c814fd67ad3ae0af6f8586c551417217d1e1008070de10

  • Size

    441KB

  • Sample

    241106-rmbgjs1gqc

  • MD5

    7ec792daa88264e5e9f67803f9f9f113

  • SHA1

    915f22525acc2a35c76b2e3f6ed7ee29dcefb871

  • SHA256

    7f894c2b8dd5ca9ee1c814fd67ad3ae0af6f8586c551417217d1e1008070de10

  • SHA512

    b83271117087f271303aa040ab7f623168ba36a5e8aa90a78ba1d3458e5c6a8e18efbcda3a496a0ed2b0d7c0b47952391ab55853ece295ff8e730e1f85e3655e

  • SSDEEP

    12288:7Mrry90wxcr2wrrAOebAYs1zF6KqOP6goaGqN8I:AyLcrZrrAxsT6KqP6v

Malware Config

Extracted

  • Family

    redline

  • Botnet

    rodik

  • C2

    193.233.20.23:4124

  • Attributes

    auth_value: 59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • Target

      7f894c2b8dd5ca9ee1c814fd67ad3ae0af6f8586c551417217d1e1008070de10

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks