General

  • Target

    2612e7cc791acbe83ce8c4063ff90ee13297ff45672b8d38c1eea36583da49c6

  • Size

    441KB

  • Sample

    241107-hlgshawrgz

  • MD5

    7891ae4db3e19ff4c77017dd6d251f29

  • SHA1

    b74fb55fb38d10966c6fa1055e9ece795d691dec

  • SHA256

    2612e7cc791acbe83ce8c4063ff90ee13297ff45672b8d38c1eea36583da49c6

  • SHA512

    4c435b5b1f17e1b59629fd4e31239416342da6025a1c539a3790db0d68f38c38141acb2afc17bd67ff93374653d5e7d6afed0cb734f9ca6afa913a8ce675cec6

  • SSDEEP

    6144:KDy+bnr+8p0yN90QEsGYRDrn52gmMxkARcAZNYz3C2IOO5cA0Fhcny3FDqXJ2MS:RMrwy90iGCDdsmZI3E5QXFDqK

Malware Config

Extracted

  • Family

    redline

  • Botnet

    rodik

  • C2

    193.233.20.23:4124

  • Attributes

    • auth_value

      59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks