General

  • Target

    95e0ef6ffa8654b1b4d4519fa167b7dc6d51a6fca5c99beb01048b998c041886

  • Size

    442KB

  • Sample

    241106-vcnkxaterc

  • MD5

    dfc09050f855ea50b1a917bed4f614a6

  • SHA1

    869fd246e375831d130c0163bf8029a4965a145e

  • SHA256

    95e0ef6ffa8654b1b4d4519fa167b7dc6d51a6fca5c99beb01048b998c041886

  • SHA512

    64a87932fe6551459b8b67bae6a871fa9d2b226e55b83b022cde078d3015d9e1eb9080e72bea314558b50a01fd794f04258739aa17b365ed7ec48e327f368ab2

  • SSDEEP

    12288:SMrBy90B+8ffHfgOBfANsMztBc6hO8YQhx0X:jyGvfvDBYNFtBc1syX

Malware Config

Extracted

  • Family

    redline

  • Botnet

    rodik

  • C2

    193.233.20.23:4124

  • Attributes

    • auth_value

      59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • Target

      95e0ef6ffa8654b1b4d4519fa167b7dc6d51a6fca5c99beb01048b998c041886

    • Size

      442KB

    • MD5

      dfc09050f855ea50b1a917bed4f614a6

    • SHA1

      869fd246e375831d130c0163bf8029a4965a145e

    • SHA256

      95e0ef6ffa8654b1b4d4519fa167b7dc6d51a6fca5c99beb01048b998c041886

    • SHA512

      64a87932fe6551459b8b67bae6a871fa9d2b226e55b83b022cde078d3015d9e1eb9080e72bea314558b50a01fd794f04258739aa17b365ed7ec48e327f368ab2

    • SSDEEP

      12288:SMrBy90B+8ffHfgOBfANsMztBc6hO8YQhx0X:jyGvfvDBYNFtBc1syX

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15
