General

  • Target

    c55a569fa0d25ec9b3f130e692afd6d3902abf39cd1af2e6f0d8db0eb8fc2bb9

  • Size

    440KB

  • Sample

    241106-vqgdrawphq

  • MD5

    4721ce3e212ec68e7dc96ced83875a62

  • SHA1

    12435fde1401789409ccdafd7f3d12a1467545e1

  • SHA256

    c55a569fa0d25ec9b3f130e692afd6d3902abf39cd1af2e6f0d8db0eb8fc2bb9

  • SHA512

    4d8fcebf81d98718ae761525e4ad95740b76522367f6abdeab426f504963cb298062cab5206bd94b3f8b1f9781c4c522605d26f6c56d34475ac84742b484b52a

  • SSDEEP

    12288:LMrMy90OTR5OIiBn6nM33HBBrZiHf3AqGb5Nulhd3/XK:LyvbdknL3H4FG/ahJ/XK

Malware Config

Extracted

Family

redline

Botnet

rodik

C2

193.233.20.23:4124

Attributes

  • auth_value

    59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks