General

  • Target

    5d283ceae286c1f348e6752fa4253fcaa82c6d6a8ea69824a67744c22833df8f

  • Size

    433KB

  • Sample

    241106-y4vp3sxbre

  • MD5

    d5ba9b3bdbbb2056e350df71159dda45

  • SHA1

    e71c510ca85ed28cc00e5d53c4c6934b20529190

  • SHA256

    5d283ceae286c1f348e6752fa4253fcaa82c6d6a8ea69824a67744c22833df8f

  • SHA512

    345a63edb697103ea91d770eca5f820292c884535b179c91be52ff6352bedbd127f06619db3f2574727560056353f09d206b0c6cbb6142ebb7b55ea6d347bb84

  • SSDEEP

    6144:Khy+bnr+Gp0yN90QEYQ0WHWC+dbx1A59C7ai4Y3HaBWAeDMLu5/z8mSte:fMrCy90FWCWbxy59C7a3Y3PfMLmWte

Malware Config

Extracted

Family

redline

Botnet

rodik

C2

193.233.20.23:4124

Attributes
  • auth_value

    59b6e22e7cfd9b5fa0c99d1942f7c85d
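
The extracted configuration above (C2 endpoint, botnet ID) is the part of this report that turns directly into detection content. The following Python is an added example and is not part of the sandbox report or of any RedLine tooling: it builds a Suricata rule for the C2 endpoint and matches that endpoint against Zeek-style conn.log lines. The log lines are constructed for the example, the sid is a placeholder in the local rule range, and the parser assumes the default Zeek conn.log order for the first seven columns.

```python
"""Turn the RedLine config extracted in the report into detection content and
run it over constructed connection-log lines.  Added example; the C2 host,
port and botnet ID are the report's values, everything else is illustrative."""
from dataclasses import dataclass

# Values copied from the report's "Malware Config" section.
C2_HOST = "193.233.20.23"
C2_PORT = 4124
BOTNET_ID = "rodik"

# Constructed Zeek conn.log excerpt (tab separated: ts, uid, id.orig_h,
# id.orig_p, id.resp_h, id.resp_p, proto).  Not real traffic.
SAMPLE_CONN_LOG = """\
1730900001.10\tCa1\t10.0.0.15\t49811\t193.233.20.23\t4124\ttcp
1730900002.40\tCa2\t10.0.0.15\t49812\t142.250.74.78\t443\ttcp
1730900003.70\tCa3\t10.0.0.22\t51022\t193.233.20.23\t80\ttcp
1730900004.00\tCa4\t10.0.0.31\t52001\t193.233.20.23\t4124\ttcp
"""


@dataclass(frozen=True)
class C2Hit:
    ts: float
    orig_h: str
    orig_p: int
    uid: str


def suricata_rule(host: str, port: int, botnet: str, sid: int = 1000001) -> str:
    """Build a Suricata rule for the C2 endpoint.  `sid` is a placeholder in
    the local (>= 1000000) range; assign one from your own allocation."""
    return (
        f"alert tcp $HOME_NET any -> {host} {port} "
        f'(msg:"RedLine Stealer C2 traffic (botnet {botnet})"; '
        f"flow:to_server,established; classtype:trojan-activity; "
        f"sid:{sid}; rev:1;)"
    )


def find_c2_connections(log_text: str, host: str = C2_HOST, port=C2_PORT):
    """Return every TCP connection to the C2 host.  With port=None, match on the
    host alone (noisier, but catches a C2 that moved to another port)."""
    hits = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) < 7:
            continue  # malformed or truncated line; skip rather than crash
        ts, uid, orig_h, orig_p, resp_h, resp_p, proto = fields[:7]
        if proto != "tcp" or resp_h != host:
            continue
        if port is not None and int(resp_p) != port:
            continue
        hits.append(C2Hit(float(ts), orig_h, int(orig_p), uid))
    return hits


if __name__ == "__main__":
    print(suricata_rule(C2_HOST, C2_PORT, BOTNET_ID))
    for hit in find_c2_connections(SAMPLE_CONN_LOG):
        print(f"{hit.ts:.2f} {hit.orig_h}:{hit.orig_p} -> {C2_HOST}:{C2_PORT} ({hit.uid})")
```

In the constructed log the port-80 connection to the same host is not reported by the strict match; whether to alert on any traffic to a known C2 address or only on the configured port is a tuning decision, which is why the port is optional. Treat the IP as a short-lived indicator: RedLine operators rotate C2 hosts, so the hashes and the behaviours below age better than the address.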

Targets

    • Target

      5d283ceae286c1f348e6752fa4253fcaa82c6d6a8ea69824a67744c22833df8f

    • Size

      433KB

    • MD5

      d5ba9b3bdbbb2056e350df71159dda45

    • SHA1

      e71c510ca85ed28cc00e5d53c4c6934b20529190

    • SHA256

      5d283ceae286c1f348e6752fa4253fcaa82c6d6a8ea69824a67744c22833df8f

    • SHA512

      345a63edb697103ea91d770eca5f820292c884535b179c91be52ff6352bedbd127f06619db3f2574727560056353f09d206b0c6cbb6142ebb7b55ea6d347bb84

    • SSDEEP

      6144:Khy+bnr+Gp0yN90QEYQ0WHWC+dbx1A59C7ai4Y3HaBWAeDMLu5/z8mSte:fMrCy90FWCWbxy59C7a3Y3PfMLmWte

    • RedLine

      RedLine Stealer is an information-stealing malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application
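
The last two behaviours listed above, "Executes dropped EXE" and "Adds Run key to start application", are the ones worth hunting for on an endpoint independently of the C2 address. The following Python is an added example, not part of the sandbox report: it runs both checks over constructed Sysmon-style events (Event ID 1 ProcessCreate, 11 FileCreate, 13 RegistryEvent SetValue). The Sysmon field names used (Image, ParentImage, TargetFilename, EventType, TargetObject, Details) are real; every path, SID and value name in the events is made up for the example.

```python
"""Flag a dropped executable being run and a Run/RunOnce key being written,
over constructed Sysmon-style events.  Added example; the events are not from
the report's sample, only the behaviours being checked for are."""
import re

# Run and RunOnce keys under HKCU/HKU/HKLM all share this tail.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\",
    re.IGNORECASE,
)
# Directories an unprivileged user can write to; an autostart pointing here
# is not proof of malware, but it is what a stealer dropped to %APPDATA% does.
USER_WRITABLE_RE = re.compile(
    r"\\(AppData|Temp|Downloads|ProgramData|Public)\\", re.IGNORECASE
)

# Constructed event stream: (event_id, fields).  Paths and values are made up.
EVENTS = [
    (1, {"Image": r"C:\Users\alice\Downloads\invoice.exe",
         "ParentImage": r"C:\Windows\explorer.exe"}),
    (11, {"Image": r"C:\Users\alice\Downloads\invoice.exe",
          "TargetFilename": r"C:\Users\alice\AppData\Roaming\svchost.exe"}),
    (1, {"Image": r"C:\Users\alice\AppData\Roaming\svchost.exe",
         "ParentImage": r"C:\Users\alice\Downloads\invoice.exe"}),
    (13, {"Image": r"C:\Users\alice\AppData\Roaming\svchost.exe",
          "EventType": "SetValue",
          "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\svchost",
          "Details": r"C:\Users\alice\AppData\Roaming\svchost.exe"}),
    (13, {"Image": r"C:\Windows\explorer.exe",
          "EventType": "SetValue",
          "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
          "Details": r"C:\Program Files\Microsoft OneDrive\OneDrive.exe /background"}),
    (1, {"Image": r"C:\Windows\System32\notepad.exe",
         "ParentImage": r"C:\Windows\explorer.exe"}),
]


def dropped_exe_executions(events):
    """Return (dropper_image, executed_path) for each process whose Image was
    written earlier in the stream by another process (EID 11 then EID 1)."""
    dropped = {}  # lowercased path -> image of the process that wrote it
    hits = []
    for eid, f in events:
        if eid == 11:
            dropped[f["TargetFilename"].lower()] = f["Image"]
        elif eid == 1:
            writer = dropped.get(f["Image"].lower())
            if writer is not None:
                hits.append((writer, f["Image"]))
    return hits


def run_key_persistence(events):
    """Return (value_name, command, suspicious) for every Run/RunOnce value
    set; suspicious is True when the command points into a user-writable
    directory."""
    hits = []
    for eid, f in events:
        if eid != 13 or f.get("EventType") != "SetValue":
            continue
        if not RUN_KEY_RE.search(f["TargetObject"]):
            continue
        name = f["TargetObject"].rsplit("\\", 1)[-1]
        cmd = f["Details"]
        hits.append((name, cmd, bool(USER_WRITABLE_RE.search(cmd))))
    return hits


if __name__ == "__main__":
    for dropper, exe in dropped_exe_executions(EVENTS):
        print(f"dropped EXE executed: {exe} (written by {dropper})")
    for name, cmd, sus in run_key_persistence(EVENTS):
        print(f"Run key {name!r} -> {cmd} {'[suspicious]' if sus else ''}")
```

The OneDrive entry is kept in the constructed events on purpose: legitimate software writes Run keys constantly, so the useful signal is not "a Run value was set" but "a Run value points at a freshly dropped file in a user-writable directory", which is the combination of the two functions above.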

MITRE ATT&CK Enterprise v15

Tasks