General

  • Target

    9e0f7396c19490070650a8c12ce330da8d79bda392f69bee1dfaf06c51d9a3a3

  • Size

    433KB

  • Sample

    241106-s28w2atbqn

  • MD5

    355162f9f25001d85a63b94356d3ab8c

  • SHA1

    9d993be9dad4d8b19d3f40934522e2e5b5e3ce2e

  • SHA256

    9e0f7396c19490070650a8c12ce330da8d79bda392f69bee1dfaf06c51d9a3a3

  • SHA512

    5d8850850dcdbb99bc68e9cfc8fd5d5e662dfb7191c3aae70cc7ed2f97d0ae857dc846baf051db2b564bc2de8df7fed4e489e7c7ccafb7346ec5356f4e566511

  • SSDEEP

    12288:PMrky90bWCWbxy59C7a3Y3PfMLFROcwo:TygWCWbsrC7a3YffM5RNN

Malware Config

Extracted

  • Family

    redline

  • Botnet

    rodik

  • C2

    193.233.20.23:4124

  • Attributes

    auth_value: 59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application
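The indicators the report exposes (the file digests under General and the C2 endpoint under Malware Config) are the pieces a responder actually reuses. The Python below is an added example and not part of the sandbox report or of any tool the report comes from: it hashes a candidate file with the four algorithms listed and compares the results against the report, and it scans Zeek-style conn.log records for traffic to 193.233.20.23:4124, reporting an exact host:port match as a strong hit and the same host on any other port as a weak one. The conn.log column order, the sample log lines and the function names `hash_blob`, `matches_sample`, `parse_conn_line` and `find_c2_connections` are all assumptions made for this example.

```python
import hashlib
from typing import Dict, Iterable, List, Optional, Tuple

# Indicators copied from the report above (MD5/SHA1/SHA256/SHA512 of the sample, C2 host:port).
IOC_HASHES: Dict[str, str] = {
    "md5": "355162f9f25001d85a63b94356d3ab8c",
    "sha1": "9d993be9dad4d8b19d3f40934522e2e5b5e3ce2e",
    "sha256": "9e0f7396c19490070650a8c12ce330da8d79bda392f69bee1dfaf06c51d9a3a3",
    "sha512": "5d8850850dcdbb99bc68e9cfc8fd5d5e662dfb7191c3aae70cc7ed2f97d0ae857dc846baf051db2b564bc2de8df7fed4e489e7c7ccafb7346ec5356f4e566511",
}
C2_HOST = "193.233.20.23"
C2_PORT = 4124


def hash_blob(data: bytes) -> Dict[str, str]:
    """Compute every digest type the report lists for a candidate file's bytes."""
    return {name: hashlib.new(name, data).hexdigest() for name in IOC_HASHES}


def matches_sample(data: bytes) -> List[str]:
    """Return the digest names whose value equals the report's (empty list if none match)."""
    digests = hash_blob(data)
    return [name for name, value in digests.items() if value == IOC_HASHES[name]]


# Assumed column order for a Zeek conn.log slice; constructed for this example, not a full conn.log.
CONN_FIELDS = ("ts", "uid", "orig_h", "orig_p", "resp_h", "resp_p", "proto")


def parse_conn_line(line: str) -> Optional[Dict[str, str]]:
    """Split one tab-separated conn.log record; comment, header and short lines yield None."""
    if line.startswith("#") or not line.strip():
        return None
    parts = line.rstrip("\n").split("\t")
    if len(parts) < len(CONN_FIELDS):
        return None
    return dict(zip(CONN_FIELDS, parts))


def find_c2_connections(lines: Iterable[str]) -> List[Tuple[str, str, str]]:
    """Return (timestamp, internal host, strength) for every flow to the RedLine C2 host.

    The exact host:port from the extracted config is a 'strong' hit; the same host on
    another port is 'weak', since stealer infrastructure is frequently reused across ports.
    """
    hits: List[Tuple[str, str, str]] = []
    for line in lines:
        rec = parse_conn_line(line)
        if rec is None or rec["resp_h"] != C2_HOST:
            continue
        strength = "strong" if int(rec["resp_p"]) == C2_PORT else "weak"
        hits.append((rec["ts"], rec["orig_h"], strength))
    return hits


# Constructed sample log: one true C2 session, one benign HTTPS flow, one same-host/other-port flow.
SAMPLE_CONN_LOG = (
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\n"
    "1730900000.123\tCk1aB\t10.0.0.5\t49812\t193.233.20.23\t4124\ttcp\n"
    "1730900001.456\tCk2cD\t10.0.0.5\t49813\t142.250.74.46\t443\ttcp\n"
    "1730900002.789\tCk3eF\t10.0.0.7\t49900\t193.233.20.23\t80\ttcp\n"
)

if __name__ == "__main__":
    for ts, host, strength in find_c2_connections(SAMPLE_CONN_LOG.splitlines()):
        print(f"{strength:6} {host} -> {C2_HOST}:{C2_PORT} at {ts}")
    print("hash match:", matches_sample(b"not the sample"))
```

Hash matching only catches this exact build; the botnet id and auth_value in the config are the values a detection should key on when hunting for siblings, and a bare IP indicator should be time-bounded, since RedLine C2 hosts rotate quickly.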

MITRE ATT&CK Enterprise v15

Tasks