General

  • Target

    932ae583a7a6ef154f8410db16c35c05891fe5208acf8d8b126d01c326eb5e7b

  • Size

    440KB

  • Sample

    241106-vvclcstkhw

  • MD5

    a34b3898b1c4708d6840c6e261b3653a

  • SHA1

    3467fc6df79348fbfbbfe9f953d1187a8ee164c3

  • SHA256

    932ae583a7a6ef154f8410db16c35c05891fe5208acf8d8b126d01c326eb5e7b

  • SHA512

    affd500c864f1cfa6c3455819a4fcff368a4d87f1b5dca064f5634062dd8db4d7217a4b38e193292f34e23a55df4b83e2a04e73ed028dea1ebfb1283c85a8d52

  • SSDEEP

    12288:EMrKy90YhbDlc3gEd9bcCUfmU6CwWmjvOjI:Wy9hFc3gwpUOHYImjI

Malware Config

Extracted

Family

redline

Botnet

rodik

C2

193.233.20.23:4124

Attributes

  • auth_value

    59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • Target

      932ae583a7a6ef154f8410db16c35c05891fe5208acf8d8b126d01c326eb5e7b

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15
