General

  • Target

    c862c7a66894aec907e72fdc1f8b5e785760d6a3cde99cb6cf43f048820072dc

  • Size

    435KB

  • Sample

    241107-hwmfqsxgqe

  • MD5

    d7a91bfd2c4ea29608ffbced7e26f3c7

  • SHA1

    13ccc240697e303b95eedc94b6196b06c43ef2e5

  • SHA256

    c862c7a66894aec907e72fdc1f8b5e785760d6a3cde99cb6cf43f048820072dc

  • SHA512

    be70436c85e93bb37780f68de85e211aa5cc880c249425363139a5969a664d3e3cf6d5373e0111ff06a71efa092290b80db8c8029c6a2b300afb4a9d2ea5d30d

  • SSDEEP

    12288:zMrly902z7+yhqiE4DKjtRkJQY0AcKUM:myt2gqnRjtRkJX0/nM

Malware Config

Extracted

Family

redline

Botnet

rodik

C2

193.233.20.23:4124

Attributes
  • auth_value

    59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • Target

      c862c7a66894aec907e72fdc1f8b5e785760d6a3cde99cb6cf43f048820072dc

    • Size

      435KB

    • MD5

      d7a91bfd2c4ea29608ffbced7e26f3c7

    • SHA1

      13ccc240697e303b95eedc94b6196b06c43ef2e5

    • SHA256

      c862c7a66894aec907e72fdc1f8b5e785760d6a3cde99cb6cf43f048820072dc

    • SHA512

      be70436c85e93bb37780f68de85e211aa5cc880c249425363139a5969a664d3e3cf6d5373e0111ff06a71efa092290b80db8c8029c6a2b300afb4a9d2ea5d30d

    • SSDEEP

      12288:zMrly902z7+yhqiE4DKjtRkJQY0AcKUM:myt2gqnRjtRkJX0/nM

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks