General

  • Target

    b1fc2e5b15cfc8c13a7cdbc4d66b552980933d9982f3c3ff29ecbaaa8aa7bef3

  • Size

    442KB

  • Sample

    241106-zlj2aswraz

  • MD5

    c86b49045515cca0578c5f8a207b1280

  • SHA1

    b72fa1adcb25e6c15571093ad625f8b043ab7405

  • SHA256

    b1fc2e5b15cfc8c13a7cdbc4d66b552980933d9982f3c3ff29ecbaaa8aa7bef3

  • SHA512

    bf58d1b8cc42b5ba26b4190ef413a009caeb02e7b603d1d1df77433fc38a821802756744ea897c236332dda0b3fb71ab8924db0f34a298c23faa16b0975257bc

  • SSDEEP

    6144:Kiy+bnr+pp0yN90QEcYNAIwIxpdfMQmVtgKZw8KDWClmo3AIoKEiBwajoKSB6SsV:iMrly90uYvwOKVpKDWU3ZAKSDzTw

Malware Config

Extracted

  • Family

    redline

  • Botnet

    rodik

  • C2

    193.233.20.23:4124

  • Attributes

    auth_value: 59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks