General

  • Target

    0ef8492fe3a731081a5867d82a70f1e74ae8f71760ab0fffe284614310295e47

  • Size

    433KB

  • Sample

    241106-yptjgayqdj

  • MD5

    63a5ae81cb2054b1e9793d8e6bc65600

  • SHA1

    771022ff3cb328578875fd6f4d3756f0c9e3d809

  • SHA256

    0ef8492fe3a731081a5867d82a70f1e74ae8f71760ab0fffe284614310295e47

  • SHA512

    9f7f5f79c0749949e326943033f93a0ccbc25a37890b12b10befe9874ecac7bb6963ef098d40a38f9f0259d36b0e6308a1d80326375e65a9170478e6e09daf4c

  • SSDEEP

    6144:KNy+bnr+mp0yN90QECQ0WHWC+dbx1A59C7ai4Y3HaBWAeDMLu5/z8mSTp:TMr6y90vWCWbxy59C7a3Y3PfMLmWTp

Malware Config

Extracted

Family

redline

Botnet

rodik

C2

193.233.20.23:4124

Attributes
  • auth_value

    59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • Target

      0ef8492fe3a731081a5867d82a70f1e74ae8f71760ab0fffe284614310295e47

    • Size

      433KB

    • MD5

      63a5ae81cb2054b1e9793d8e6bc65600

    • SHA1

      771022ff3cb328578875fd6f4d3756f0c9e3d809

    • SHA256

      0ef8492fe3a731081a5867d82a70f1e74ae8f71760ab0fffe284614310295e47

    • SHA512

      9f7f5f79c0749949e326943033f93a0ccbc25a37890b12b10befe9874ecac7bb6963ef098d40a38f9f0259d36b0e6308a1d80326375e65a9170478e6e09daf4c

    • SSDEEP

      6144:KNy+bnr+mp0yN90QECQ0WHWC+dbx1A59C7ai4Y3HaBWAeDMLu5/z8mSTp:TMr6y90vWCWbxy59C7a3Y3PfMLmWTp

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks