General

  • Target

    0673225e7432a21b49ea6e69925c92acf9c172006384dd3b2060801d0d9fe233

  • Size

    440KB

  • Sample

    241106-y9kgaswnh1

  • MD5

    4f2016ea1459c9e80cad59639380d41c

  • SHA1

    8e9a46669061f34737d254fdcc35dc6e14b7188e

  • SHA256

    0673225e7432a21b49ea6e69925c92acf9c172006384dd3b2060801d0d9fe233

  • SHA512

    06da60dbfec95aef0bdbf074274b07178886a08af7a567daa4337a53824c28012c08769cebad60c7ff1469143d9870cc2f200009c440cfb80dee6983e1fb5797

  • SSDEEP

    6144:KYy+bnr+Wp0yN90QEAU4NCXbAkz/0su1digqs4ujd8ifiFVDsT2couGzJWXo2a8R:QMrWy90GJNCUA/bU7wJiKNcIWvvR

Malware Config

Extracted

Family

redline

Botnet

rodik

C2

193.233.20.23:4124

Attributes

  • auth_value

    59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • Target

      0673225e7432a21b49ea6e69925c92acf9c172006384dd3b2060801d0d9fe233

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application
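
The extracted config (C2 193.233.20.23:4124, botnet "rodik") and the "Adds Run key to start application" signature are the parts of this report a defender can act on directly. The script below is an added example, not part of the sandbox report or of any RedLine tooling: it takes the hash, C2 and botnet values from the report as-is and hunts for them in constructed records. The Zeek conn.log rows and the Sysmon Event ID 13 (registry value set) events are made up for illustration, and the field names assumed for them (id.resp_h, TargetObject, Details, Image) follow the Zeek and Sysmon conventions; nothing else is taken from the page.

```python
"""Hunt for the IOCs this report extracts from the RedLine sample.

Added example, not part of the sandbox report or of any RedLine tooling.
Only the hash, C2 and botnet values are taken from the report; every log
record below is constructed for illustration.
"""
import hashlib
import ipaddress
import re

# Values copied from the report's General / Malware Config sections.
SAMPLE_SHA256 = "0673225e7432a21b49ea6e69925c92acf9c172006384dd3b2060801d0d9fe233"
SAMPLE_MD5 = "4f2016ea1459c9e80cad59639380d41c"
C2 = "193.233.20.23:4124"
BOTNET = "rodik"


def parse_c2(c2: str) -> tuple[str, int]:
    """Split 'host:port' and validate that host is an IP literal."""
    host, _, port = c2.rpartition(":")
    ipaddress.ip_address(host)  # raises ValueError for a non-IP host
    return host, int(port)


# Constructed Zeek conn.log-style rows, tab separated:
# ts  uid  id.orig_h  id.orig_p  id.resp_h  id.resp_p  proto
CONN_LOG = """\
1730900000.1\tCa1\t10.0.0.5\t51234\t193.233.20.23\t4124\ttcp
1730900001.2\tCb2\t10.0.0.5\t51235\t142.250.74.78\t443\ttcp
1730900002.3\tCc3\t10.0.0.9\t49999\t193.233.20.23\t80\ttcp
"""


def hunt_c2(conn_log: str, c2: str) -> list[dict]:
    """Flag flows to the C2. An exact ip:port match is high confidence; a
    flow to the same IP on another port is reported with low confidence
    rather than dropped, since the host itself is the stronger indicator."""
    host, port = parse_c2(c2)
    hits = []
    for row in conn_log.splitlines():
        ts, uid, orig_h, orig_p, resp_h, resp_p, proto = row.split("\t")
        if resp_h != host:
            continue
        confidence = "high" if int(resp_p) == port else "low"
        hits.append({"uid": uid, "src": orig_h,
                     "dst": f"{resp_h}:{resp_p}", "confidence": confidence})
    return hits


# The report's "Adds Run key to start application" signature: look for a
# Sysmon Event ID 13 (registry value set) under a Run/RunOnce key whose
# value points into a user-writable directory.
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\",
                     re.IGNORECASE)
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")

# Constructed Sysmon-style events (field names as Sysmon emits them).
REG_EVENTS = [
    {"EventID": 13,
     "Image": r"C:\Users\bob\AppData\Local\Temp\build.exe",
     "TargetObject": r"HKU\S-1-5-21-1-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\bob\AppData\Roaming\svc\updater.exe"},
    {"EventID": 13,
     "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth",
     "Details": r"C:\Windows\System32\SecurityHealthSystray.exe"},
    {"EventID": 12,  # key created, not a value set: ignored by the hunt
     "Image": r"C:\Users\bob\AppData\Local\Temp\build.exe",
     "TargetObject": r"HKU\S-1-5-21-1-1001\Software\Microsoft\Windows\CurrentVersion\Run",
     "Details": ""},
]


def hunt_run_keys(events: list[dict]) -> list[dict]:
    """Return Run-key values whose command lives in a user-writable path."""
    hits = []
    for ev in events:
        if ev["EventID"] != 13 or not RUN_KEY.search(ev["TargetObject"]):
            continue
        if any(p in ev["Details"].lower() for p in USER_WRITABLE):
            hits.append({"value": ev["TargetObject"].rsplit("\\", 1)[1],
                         "command": ev["Details"], "writer": ev["Image"]})
    return hits


def hash_matches_sample(data: bytes) -> bool:
    """True if data is the sample itself (SHA-256 from the report)."""
    return hashlib.sha256(data).hexdigest() == SAMPLE_SHA256


if __name__ == "__main__":
    print(hunt_c2(CONN_LOG, C2))
    print(hunt_run_keys(REG_EVENTS))
```

Run as-is it reports the two flows to 193.233.20.23 (the port-4124 one as high confidence, the port-80 one as low) and the single Run value written from Temp into AppData; the system-owned SecurityHealth value is not flagged because its command sits under System32. Swap CONN_LOG and REG_EVENTS for real exports to use it against your own telemetry.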

MITRE ATT&CK Enterprise v15

Tasks