General

  • Target

    6729f42659e374bf740029708d33e331f398826e00eccb8e1ef984921fd0d802

  • Size

    435KB

  • Sample

    241107-g1kx2awnas

  • MD5

    312339effeb7070b2265ba001ecdd9a3

  • SHA1

    677ea57ce2d0ab23fea135220547e921f214636d

  • SHA256

    6729f42659e374bf740029708d33e331f398826e00eccb8e1ef984921fd0d802

  • SHA512

    4b6338a79a568a087927d5caaa6c03c678b7008585f593e5c7356ee9cf563219d5cb7255124c9f91cd0a93711ac8eccfe12e1cd16d669ca7ef5f4951881a6464

  • SSDEEP

    12288:yMrpy90hz7+yhqiE4DKjtRkJQY0AcK7pI:7y62gqnRjtRkJX0/ga

Malware Config

Extracted

  • Family

    redline

  • Botnet

    rodik

  • C2

    193.233.20.23:4124

  • Attributes

    auth_value: 59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • Target

      6729f42659e374bf740029708d33e331f398826e00eccb8e1ef984921fd0d802

    • Size

      435KB

    • MD5

      312339effeb7070b2265ba001ecdd9a3

    • SHA1

      677ea57ce2d0ab23fea135220547e921f214636d

    • SHA256

      6729f42659e374bf740029708d33e331f398826e00eccb8e1ef984921fd0d802

    • SHA512

      4b6338a79a568a087927d5caaa6c03c678b7008585f593e5c7356ee9cf563219d5cb7255124c9f91cd0a93711ac8eccfe12e1cd16d669ca7ef5f4951881a6464

    • SSDEEP

      12288:yMrpy90hz7+yhqiE4DKjtRkJQY0AcK7pI:7y62gqnRjtRkJX0/ga

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks