General

  • Target

    6252add0c98c92913fae2abc8e289dbcce5434d42438883e8286dbde450bbccc

  • Size

    442KB

  • Sample

    241106-wmcf3axlbq

  • MD5

    741ce2f37003b0455591ff469ae10442

  • SHA1

    45b9657b38e2f8366a3dc1664dedfe634c3508f9

  • SHA256

    6252add0c98c92913fae2abc8e289dbcce5434d42438883e8286dbde450bbccc

  • SHA512

    dd95c3211f652c7d863293bad51abdd0f4a162a8518ed6ea8ced51e3e6127764b334881d04a4e0f94696eab08e7ba65e4dc09c3839aeea6b730ce7fcf0a6533d

  • SSDEEP

    12288:pMrWy9082yQIao4r6opPiRs94S4q1cXsK:LyR2ytUpd4q4X

Malware Config

Extracted

Family

redline

Botnet

rodik

C2

193.233.20.23:4124

Attributes

  • auth_value

    59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks