General

  • Target: 3241e695dc43f935c53955755be93d666758e22f64a9e560ae27df1c09314869
  • Size: 433KB
  • Sample: 241106-s94x2sskfv
  • MD5: 57f09f371b72d36624a9f076e9356ecf
  • SHA1: 95cecc11fb699dbeff0bd7ab58d9a15eac463a10
  • SHA256: 3241e695dc43f935c53955755be93d666758e22f64a9e560ae27df1c09314869
  • SHA512: 96eb9368318a1b3ffd49fac91a8647f074dcc4c9f4cd1b3ab3b91bf49140567b92c52e90121699fed52d0dbb95d8a87a4ab5c04e08f0c0a8f427e4b6f0089d0c
  • SSDEEP: 12288:CMrXy90578bm8q4pif/DdRm19HgWMtMV:tyrmX7Dd0XA1tS

Malware Config

Extracted

  • Family: redline
  • Botnet: rodik
  • C2: 193.233.20.23:4124
  • Attributes
    • auth_value: 59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets


    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Redline family
    • Executes dropped EXE
    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks