General

  • Target

    146516d6810566a6731254b0ea41c114090a2ab33ae7a68084041bec0f283c02

  • Size

    433KB

  • Sample

    241106-s6f2tashjh

  • MD5

    3cdf8a69119aa26f7638680705428843

  • SHA1

    70cea1a8e677093500fdbc6540dc1a9321c61919

  • SHA256

    146516d6810566a6731254b0ea41c114090a2ab33ae7a68084041bec0f283c02

  • SHA512

    2afdc7f51ebd28a1dbb55633d1c0baa11426a72ebe4e6fd962bb7bf41b05417f2bb0c6e1a2971397b17888fbe5deaaf65829230ab9d678af9a3c19408e7358a6

  • SSDEEP

    6144:K1y+bnr+yp0yN90QE8Q0WHWC+dbx1A59C7ai4Y3HaBWAeDMLu5/z8mSnQ:PMrWy90RWCWbxy59C7a3Y3PfMLmWnQ

Malware Config

Extracted

  • Family

    redline

  • Botnet

    rodik

  • C2

    193.233.20.23:4124

  • Attributes

    auth_value: 59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks