General

  • Target

    9c6dabad90c5508aff3d49677c7acf1f78ad60dd197319f255e0bf486fea51cb

  • Size

    441KB

  • Sample

    241106-rqwxna1lav

  • MD5

    7f193bff59dd5bd4ab0aac3e60752227

  • SHA1

    55ba0aa7264f042ad8910d55c924e6c19ff5d2ed

  • SHA256

    9c6dabad90c5508aff3d49677c7acf1f78ad60dd197319f255e0bf486fea51cb

  • SHA512

    16d2d18d8ca89bf8edc330d7c8fc87d1c12c9cd7fae7e3f22d424bb8e376d2ef16a72c004f4b66b9b97c72c7238ac0e6f30086725ae608cda30670274f628893

  • SSDEEP

    12288:JMrpy900vN7H7EfwY9DU5iSD4FnUlnzhD11:8yZFH7EfL0p4uVzp

Malware Config

Extracted

Family

redline

Botnet

rodik

C2

193.233.20.23:4124

Attributes
  • auth_value

    59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • Target

      9c6dabad90c5508aff3d49677c7acf1f78ad60dd197319f255e0bf486fea51cb

    • Size

      441KB

    • MD5

      7f193bff59dd5bd4ab0aac3e60752227

    • SHA1

      55ba0aa7264f042ad8910d55c924e6c19ff5d2ed

    • SHA256

      9c6dabad90c5508aff3d49677c7acf1f78ad60dd197319f255e0bf486fea51cb

    • SHA512

      16d2d18d8ca89bf8edc330d7c8fc87d1c12c9cd7fae7e3f22d424bb8e376d2ef16a72c004f4b66b9b97c72c7238ac0e6f30086725ae608cda30670274f628893

    • SSDEEP

      12288:JMrpy900vN7H7EfwY9DU5iSD4FnUlnzhD11:8yZFH7EfL0p4uVzp

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application
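The indicators the report exposes are the file hashes, the ssdeep signature and a single hard-coded C2 socket (193.233.20.23:4124, botnet "rodik"). The following Python is an added triage helper, not part of the report or of any sandbox tooling: it hashes a candidate file and compares it with the report's digests, reads the block size out of the ssdeep signature (ssdeep only scores two signatures whose block sizes are equal or differ by a factor of two, so a 12288 signature is comparable with 6144 and 24576 only), and scans `netstat -ano` style TCP rows for connections to the C2. The netstat rows, the `hash_file`/`find_c2_connections` names and the "exact vs host-only" scoring are constructed for the example; only the hash, ssdeep and C2 values are taken from the report.

```python
import hashlib
import re

# Indicators transcribed from the report above. Nothing else in this block comes
# from the report.
REPORT_IOCS = {
    "md5": "7f193bff59dd5bd4ab0aac3e60752227",
    "sha1": "55ba0aa7264f042ad8910d55c924e6c19ff5d2ed",
    "sha256": "9c6dabad90c5508aff3d49677c7acf1f78ad60dd197319f255e0bf486fea51cb",
    "sha512": "16d2d18d8ca89bf8edc330d7c8fc87d1c12c9cd7fae7e3f22d424bb8e376d2ef"
              "16a72c004f4b66b9b97c72c7238ac0e6f30086725ae608cda30670274f628893",
}
REPORT_SSDEEP = "12288:JMrpy900vN7H7EfwY9DU5iSD4FnUlnzhD11:8yZFH7EfL0p4uVzp"
C2_HOST, C2_PORT = "193.233.20.23", 4124


def hash_bytes(data: bytes) -> dict:
    """Return the four digests the report lists, keyed like REPORT_IOCS."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_IOCS}


def hash_file(path: str, chunk: int = 1 << 20) -> dict:
    """Same digests as hash_bytes, streamed so a large sample need not fit in memory."""
    hashers = {name: hashlib.new(name) for name in REPORT_IOCS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_hashes(hashes: dict, iocs: dict = REPORT_IOCS) -> list:
    """Names of the algorithms whose digest equals the report's value (case-insensitive)."""
    return [name for name, value in iocs.items()
            if hashes.get(name, "").lower() == value.lower()]


def parse_ssdeep(signature: str) -> tuple:
    """Split an ssdeep signature into (block_size, chunk, double_chunk)."""
    block, chunk, double = signature.split(":", 2)
    return int(block), chunk, double


def ssdeep_comparable(sig_a: str, sig_b: str) -> bool:
    """ssdeep only scores signatures whose block sizes are equal or differ by a factor of two."""
    a, b = parse_ssdeep(sig_a)[0], parse_ssdeep(sig_b)[0]
    return a == b or a == 2 * b or b == 2 * a


# TCP rows of `netstat -ano`: proto, local, foreign host:port, state, pid.
_NETSTAT_TCP = re.compile(r"^\s*TCP\s+(\S+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")


def find_c2_connections(netstat_lines, host: str = C2_HOST, port: int = C2_PORT) -> list:
    """Scan netstat TCP rows for the report's C2.

    Returns (remote_host, remote_port, state, pid, exact) tuples; `exact` is True
    when host and port both match, False when only the host does (hypothetical
    scoring chosen for this example).
    """
    hits = []
    for line in netstat_lines:
        m = _NETSTAT_TCP.match(line)
        if not m:
            continue  # header, UDP rows and anything without a numeric remote port
        _local, rhost, rport, state, pid = m.groups()
        if rhost == host:
            hits.append((rhost, int(rport), state, int(pid), int(rport) == port))
    return hits


# Constructed `netstat -ano` output for the demonstration; not taken from the report.
SAMPLE_NETSTAT = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    10.0.0.5:49712         193.233.20.23:4124     ESTABLISHED     4321
  TCP    10.0.0.5:49713         142.250.74.78:443      ESTABLISHED     1180
  TCP    10.0.0.5:49714         193.233.20.23:443      TIME_WAIT       0
  UDP    0.0.0.0:5353           *:*                                    2044
""".strip("\n").splitlines()


if __name__ == "__main__":
    print(match_hashes(REPORT_IOCS))        # the report's own digests match on all four
    print(parse_ssdeep(REPORT_SSDEEP)[0])   # 12288
    for hit in find_c2_connections(SAMPLE_NETSTAT):
        print(hit)
```

The hash checks only identify this exact build; a repacked RedLine sample will miss on all four while the C2 socket and botnet name tend to survive rebuilds, so the network indicator is the more durable one for hunting. The PID returned with each netstat hit is the handle to pivot on when checking which dropped executable and which Run key the sandbox flagged.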
