General

  • Target

    e341132c3d82b95c7fd39798bd29c991793b52444f6242807f618645ec2506b9

  • Size

    441KB

  • Sample

    241107-hwgv9azqhl

  • MD5

    4a1a3dee7ff31a879d314144519b87c3

  • SHA1

    1e0268d239031e7da747286e87a768a22cc349da

  • SHA256

    e341132c3d82b95c7fd39798bd29c991793b52444f6242807f618645ec2506b9

  • SHA512

    902d94abcbf39d5aec68db93fdc5f89f4c927448c86526b930b911edd7b956b13c02ca3df3cb96ecaa4f7bea91ff222d98d5277d4e85b553cb9973e1acb51e96

  • SSDEEP

    6144:KLy+bnr+Bp0yN90QEgxvPKKPW4IK73XYroESG9/OYTXV9nJdH05iSqe8u4FnUnGu:dMrty90OvN7H7EfwY9DU5iSD4FnU5Q+

Malware Config

Extracted

Family

redline

Botnet

rodik

C2

193.233.20.23:4124

Attributes
  • auth_value

    59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • Target

      e341132c3d82b95c7fd39798bd29c991793b52444f6242807f618645ec2506b9

    • Size

      441KB

    • MD5

      4a1a3dee7ff31a879d314144519b87c3

    • SHA1

      1e0268d239031e7da747286e87a768a22cc349da

    • SHA256

      e341132c3d82b95c7fd39798bd29c991793b52444f6242807f618645ec2506b9

    • SHA512

      902d94abcbf39d5aec68db93fdc5f89f4c927448c86526b930b911edd7b956b13c02ca3df3cb96ecaa4f7bea91ff222d98d5277d4e85b553cb9973e1acb51e96

    • SSDEEP

      6144:KLy+bnr+Bp0yN90QEgxvPKKPW4IK73XYroESG9/OYTXV9nJdH05iSqe8u4FnUnGu:dMrty90OvN7H7EfwY9DU5iSD4FnU5Q+

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application
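The two behaviours flagged above (a RedLine C2 at 193.233.20.23:4124 and a Run-key persistence entry) are the indicators a responder would sweep for first. The script below is an added example, not code from the sandbox report or from the RedLine authors: it takes the hashes and C2 from this report, checks a byte string against all three digests, hunts for the C2 in a constructed Zeek conn.log excerpt, and flags Run-key values pointing into user-writable drop directories. The log layout, the `reg query` output format, the directory heuristic and every file name in the sample data are assumptions made for the example.

```python
"""IOC sweep for the RedLine sample above (added example, not from the report).

Assumptions not stated on the page: network logs are Zeek conn.log-style
tab-separated lines, the registry listing is `reg query` text, and the
"suspicious directory" heuristic is a triage convention, not a report field.
"""
import hashlib
import re
from typing import Dict, List

# Indicators copied from the report above.
REPORT_HASHES = {
    "md5": "4a1a3dee7ff31a879d314144519b87c3",
    "sha1": "1e0268d239031e7da747286e87a768a22cc349da",
    "sha256": "e341132c3d82b95c7fd39798bd29c991793b52444f6242807f618645ec2506b9",
}
C2_HOST, C2_PORT = "193.233.20.23", 4124


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Compute the same digests the report lists so a file can be compared to it."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report(data: bytes) -> bool:
    """True only when every digest agrees; MD5 alone is collision-prone."""
    got = hash_bytes(data)
    return all(got[k] == v for k, v in REPORT_HASHES.items())


# Constructed conn.log fields: ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto
CONSTRUCTED_CONN_LOG = """\
1730970001.1\tCa1\t10.0.0.5\t51000\t193.233.20.23\t4124\ttcp
1730970002.2\tCb2\t10.0.0.5\t51001\t142.250.74.78\t443\ttcp
1730970003.3\tCc3\t10.0.0.9\t51002\t193.233.20.23\t443\ttcp
"""


def find_c2_connections(conn_log: str) -> List[str]:
    """Return uids of flows whose responder is exactly the report's C2 host:port.

    Port is matched too: the third constructed line hits the same IP on 443
    and is deliberately left out, so it would need separate review.
    """
    hits = []
    for line in conn_log.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) < 6:
            continue
        if fields[4] == C2_HOST and int(fields[5]) == C2_PORT:
            hits.append(fields[1])
    return hits


# Constructed `reg query HKCU\...\Run` output; "updater.exe" is a made-up name.
CONSTRUCTED_RUN_KEY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\u\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    updater     REG_SZ    C:\Users\u\AppData\Roaming\svc\updater.exe
"""

# Assumed heuristic: binaries launched from these user-writable locations merit a look.
SUSPICIOUS_DIRS = re.compile(
    r"\\(AppData\\Roaming|AppData\\Local\\Temp|Temp|ProgramData)\\", re.I
)


def suspicious_run_entries(reg_output: str) -> List[str]:
    """Flag Run-key value names whose command lives in a drop directory."""
    flagged = []
    for line in reg_output.splitlines():
        m = re.match(r"\s+(\S+)\s+REG_(?:EXPAND_)?SZ\s+(.+)$", line)
        if m and SUSPICIOUS_DIRS.search(m.group(2)):
            flagged.append(m.group(1))
    return flagged


if __name__ == "__main__":
    print("C2 flows:", find_c2_connections(CONSTRUCTED_CONN_LOG))
    print("Run-key hits:", suspicious_run_entries(CONSTRUCTED_RUN_KEY))
    print("matches report:", matches_report(b"not the sample"))
```

On a real host, feed `find_c2_connections` the actual conn.log and `suspicious_run_entries` the output of `reg query` for both the HKCU and HKLM Run keys; a hit on the Run key alone is a lead, not a verdict, so pair it with the hash check on the referenced binary.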

MITRE ATT&CK Enterprise v15

Tasks