General

  • Target

    ab767f15f9a69495d307e2e60d0c43d6e0c92e84e45bd776c37bc03c4713ec06

  • Size

    442KB

  • Sample

    241107-ketjtsyjgx

  • MD5

    768bd5221dd2f02c4ac10581e2276d12

  • SHA1

    bdd2d274ae5043a246065b82311c04b69b403af6

  • SHA256

    ab767f15f9a69495d307e2e60d0c43d6e0c92e84e45bd776c37bc03c4713ec06

  • SHA512

    0df4b93de79b8d6c4c881f92b71b08c7e1298f19dcb856da75775e0faae75e570cfbec5d7dc339a8cd18eeb4709ac5b361423e5caf85f5f59663d6f0d9bc4c58

  • SSDEEP

    12288:1MrUy90zxQih1l5eJwD7ob0ZR0DC/wazZN6:RyOh1HeJwD7ooclai

Malware Config

Extracted

  • Family

    redline

  • Botnet

    rodik

  • C2

    193.233.20.23:4124

  • Attributes

    auth_value: 59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks