General

  • Target

    b9d68494ad7a0a81a86ee229300abbe28bba2e923729da07d9fdb7ef52a350f9

  • Size

    433KB

  • Sample

    241106-t944gssrat

  • MD5

    8d30217bb3de46ddbddaf8e4952a5dfc

  • SHA1

    0206ceb8d5ab2674752ce53aa74200e6dcce8fff

  • SHA256

    b9d68494ad7a0a81a86ee229300abbe28bba2e923729da07d9fdb7ef52a350f9

  • SHA512

    2a0fb650d124b34ce4f5e4a63518f16914b2a7811040c3eeda33a23198db802d8d9c3defc746ff0fbe89e5498ca676aa26d9d5e251b2b250ada3c864eb13baee

  • SSDEEP

    12288:NMrKy90lWCWbxy59C7a3Y3PfMLFROcwMNq:ry+WCWbsrC7a3YffM5RN2

Malware Config

Extracted

Family

redline

Botnet

rodik

C2

193.233.20.23:4124

Attributes
  • auth_value

    59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application
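The indicators listed in this report (file hashes, the 193.233.20.23:4124 C2 socket, and the Run-key persistence behaviour) are what an analyst would pivot on. The script below is an added example written for this page, not part of the sandbox report or of any vendor tooling: it folds those indicators into a small detection pass. The Sysmon-style registry events and proxy log lines embedded in it are constructed for illustration, the log line format and the event field names are assumptions, and the Run-key pattern covers HKCU/HKLM Run and RunOnce only.

```python
"""Added example (not from the sandbox report): match the report's IOCs against
constructed host and network telemetry. All sample data here is constructed."""
import hashlib
import re

# Indicators copied from the report above.
HASHES = {
    "md5": "8d30217bb3de46ddbddaf8e4952a5dfc",
    "sha1": "0206ceb8d5ab2674752ce53aa74200e6dcce8fff",
    "sha256": "b9d68494ad7a0a81a86ee229300abbe28bba2e923729da07d9fdb7ef52a350f9",
}
C2_HOST, C2_PORT = "193.233.20.23", 4124

# Autostart locations behind the "Adds Run key" signature (assumption: Run/RunOnce
# under CurrentVersion, in any hive; the SID prefix under HKU is ignored).
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)

# Assumed proxy log shape: "<timestamp> <src-host> -> <dst-ip>:<dst-port> <rest>".
PROXY_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) -> (?P<dst>[\d.]+):(?P<port>\d+) ")


def hash_file_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256 of a blob so a quarantined file can be compared to the report."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_sample(data: bytes) -> bool:
    """True when any digest of `data` equals the corresponding hash from the report."""
    digests = hash_file_bytes(data)
    return any(digests[algo] == value for algo, value in HASHES.items())


def scan_registry_events(events: list) -> list:
    """Flag Sysmon EventID 13 (RegistryEvent, value set) writes into a Run key."""
    hits = []
    for ev in events:
        target = ev.get("TargetObject", "")
        if ev.get("EventID") == 13 and RUN_KEY_RE.search(target):
            hits.append({"image": ev.get("Image", ""), "value": target, "details": ev.get("Details", "")})
    return hits


def scan_proxy_log(lines: list) -> list:
    """Return the source hosts that connected to the report's C2 IP and port."""
    sources = []
    for line in lines:
        m = PROXY_RE.match(line)
        if m and m["dst"] == C2_HOST and int(m["port"]) == C2_PORT:
            sources.append(m["src"])
    return sources


def triage(events: list, proxy_lines: list) -> dict:
    """Combine both checks into one summary a responder can act on."""
    return {"persistence": scan_registry_events(events), "c2_contacts": scan_proxy_log(proxy_lines)}


# Constructed Sysmon-style events: one dropped-EXE execution, one Run-key write by
# that EXE, and one unrelated registry write that must not be flagged.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\victim\AppData\Local\Temp\setup.exe"},
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Local\Temp\setup.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\victim\AppData\Roaming\updater.exe"},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]

# Constructed proxy log: one true C2 contact, one benign HTTPS flow, and one
# connection to the C2 IP on a different port (not matched on purpose).
SAMPLE_PROXY = [
    "2024-11-06T10:01:02Z ws-017 -> 193.233.20.23:4124 TCP CONNECT",
    "2024-11-06T10:01:05Z ws-017 -> 142.250.72.14:443 TCP CONNECT",
    "2024-11-06T10:02:11Z ws-042 -> 193.233.20.23:80 TCP CONNECT",
]

if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS, SAMPLE_PROXY))
```

The port is matched as well as the IP because the report only ties 193.233.20.23 to RedLine on 4124; a shared host on another port is a weaker signal and is better surfaced separately than merged into the same alert.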

MITRE ATT&CK Enterprise v15
