General

  • Target

    c6d1d8c5a79e245ceeceecd60f3c6f0701fcbca6827e7dae85ba6202a241dc45

  • Size

    442KB

  • Sample

    241106-vg3kmatjaz

  • MD5

    231e902af6a0539266357609dafc4a26

  • SHA1

    ac8039f717a8b629d680d7d8b47dc817a4cf6172

  • SHA256

    c6d1d8c5a79e245ceeceecd60f3c6f0701fcbca6827e7dae85ba6202a241dc45

  • SHA512

    3446cacba5ea55c6d46644e84974ee3891b06bdc74f18e3b42bf0c69d26da456c4929bc3d1c8234f1e6cf00404b7bdb93e72a561b5c0e54fbcfc00bc27c0c338

  • SSDEEP

    6144:KRy+bnr+/p0yN90QE3ev+dIikioG/Zj/fmLLL7kOJnkNqxdIF6lGaAw6LyjUMYP5:vMrby909TkioGhaL/Bk6eEVD6LI/OtP

Malware Config

Extracted

Family

redline

Botnet

rodik

C2

193.233.20.23:4124

Attributes

  • auth_value

    59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

  • Target

    c6d1d8c5a79e245ceeceecd60f3c6f0701fcbca6827e7dae85ba6202a241dc45

  • Size

    442KB

  • MD5

    231e902af6a0539266357609dafc4a26

  • SHA1

    ac8039f717a8b629d680d7d8b47dc817a4cf6172

  • SHA256

    c6d1d8c5a79e245ceeceecd60f3c6f0701fcbca6827e7dae85ba6202a241dc45

  • SHA512

    3446cacba5ea55c6d46644e84974ee3891b06bdc74f18e3b42bf0c69d26da456c4929bc3d1c8234f1e6cf00404b7bdb93e72a561b5c0e54fbcfc00bc27c0c338

  • SSDEEP

    6144:KRy+bnr+/p0yN90QE3ev+dIikioG/Zj/fmLLL7kOJnkNqxdIF6lGaAw6LyjUMYP5:vMrby909TkioGhaL/Bk6eEVD6LI/OtP

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine payload

  • Redline family

  • Executes dropped EXE

  • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks