General

  • Target

    9503d5d34d96240435ef67e14095440c162c6e453a0d6d91ffb73a0eb07dc9d7

  • Size

    433KB

  • Sample

    241107-kvrp6szbqr

  • MD5

    a965539823ec8f1dff6642666ca248f8

  • SHA1

    2c24a3da2387ca968086e7e305f7234530caf660

  • SHA256

    9503d5d34d96240435ef67e14095440c162c6e453a0d6d91ffb73a0eb07dc9d7

  • SHA512

    fc5d812f1614a72c396d0b8cbba0b52bcc049e040555105f01a08a53fa2c66d67b3c735c9fde774840f6c57079f52dcfc6f261780d56240ba5dfeadf085f897b

  • SSDEEP

    12288:dMrAy90bWCWbxy59C7a3Y3PfMLFROcwT:1ysWCWbsrC7a3YffM5RNi

Malware Config

Extracted

Family

redline

Botnet

rodik

C2

193.233.20.23:4124

Attributes
  • auth_value

    59b6e22e7cfd9b5fa0c99d1942f7c85d
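
The extracted configuration above (C2 193.233.20.23:4124, plus the file hashes in the General section) is what a responder sweeps for. The script below is an added example and is not part of the sandbox report or the RedLine sample: it turns those indicators into a matcher and runs it over constructed firewall log lines and a constructed file blob. The log format (`dst=ip:port`) and host names are assumptions for illustration; the indicator values are copied from the report.

```python
"""Sweep constructed data for the indicators extracted in this report.
Added example; the log lines and file contents are constructed, not
taken from the sandbox run."""
import hashlib
import re
from dataclasses import dataclass

# Indicators copied from the report above.
C2_IP, C2_PORT = "193.233.20.23", 4124
SAMPLE_HASHES = {
    "md5": "a965539823ec8f1dff6642666ca248f8",
    "sha1": "2c24a3da2387ca968086e7e305f7234530caf660",
    "sha256": "9503d5d34d96240435ef67e14095440c162c6e453a0d6d91ffb73a0eb07dc9d7",
}

@dataclass
class Hit:
    source: str     # "netlog" or "file"
    indicator: str  # which indicator matched
    detail: str     # the log line or file name that matched

# Constructed firewall log lines (assumed format: key=value pairs, dst=ip:port).
SAMPLE_LOGS = [
    "2024-11-07T10:12:01Z host=WS-042 proto=tcp src=10.0.0.15:51202 dst=193.233.20.23:4124 action=allow",
    "2024-11-07T10:12:05Z host=WS-042 proto=tcp src=10.0.0.15:51203 dst=142.250.74.46:443 action=allow",
    "2024-11-07T10:13:40Z host=WS-017 proto=tcp src=10.0.0.22:49811 dst=193.233.20.23:443 action=allow",
]

DST_RE = re.compile(r"dst=(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)")

def match_c2(log_lines):
    """Return a Hit per line reaching the exact C2 ip:port, and a weaker
    ip-only Hit when the port differs (the port is per-build in RedLine
    configs, so traffic to the same IP on another port still deserves triage)."""
    hits = []
    for line in log_lines:
        m = DST_RE.search(line)
        if not m:
            continue
        ip, port = m.group("ip"), int(m.group("port"))
        if ip == C2_IP and port == C2_PORT:
            hits.append(Hit("netlog", f"{C2_IP}:{C2_PORT}", line))
        elif ip == C2_IP:
            hits.append(Hit("netlog", f"{C2_IP}:*", line))
    return hits

def hash_blob(data: bytes) -> dict:
    """Digest a file's bytes with every algorithm the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in SAMPLE_HASHES}

def match_file(name: str, data: bytes):
    """Return a Hit per digest that equals the reported sample hash."""
    digests = hash_blob(data)
    return [Hit("file", f"{alg}:{digests[alg]}", name)
            for alg, expected in SAMPLE_HASHES.items() if digests[alg] == expected]

if __name__ == "__main__":
    for hit in match_c2(SAMPLE_LOGS) + match_file("dropped.exe", b"constructed, not the sample"):
        print(hit)
```

Matching on the IP alone is deliberately reported as a separate, weaker indicator: the same infrastructure is commonly reused across RedLine builds with different ports, so an exact ip:port match is a confirmation while an ip-only match is a lead.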

Targets

    • Target

      9503d5d34d96240435ef67e14095440c162c6e453a0d6d91ffb73a0eb07dc9d7

    • Size

      433KB

    • MD5

      a965539823ec8f1dff6642666ca248f8

    • SHA1

      2c24a3da2387ca968086e7e305f7234530caf660

    • SHA256

      9503d5d34d96240435ef67e14095440c162c6e453a0d6d91ffb73a0eb07dc9d7

    • SHA512

      fc5d812f1614a72c396d0b8cbba0b52bcc049e040555105f01a08a53fa2c66d67b3c735c9fde774840f6c57079f52dcfc6f261780d56240ba5dfeadf085f897b

    • SSDEEP

      12288:dMrAy90bWCWbxy59C7a3Y3PfMLFROcwT:1ysWCWbsrC7a3YffM5RNi

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application
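
The last two signatures above (a dropped EXE is executed and a Run key is added) describe the sample's persistence. The script below is an added example, not part of the sandbox report and not the sample's own code: it parses a registry export of a Run key (the text format written by `reg export`) and flags entries a responder would inspect first: binaries in user-writable directories, system-process names living outside System32/SysWOW64, and hash-like file names. The export text, user name and file names are constructed for illustration; only the Run-key location matches what the report states.

```python
"""Audit Run-key autostart entries from a .reg export for the persistence
behaviour flagged in this report. Added example; the export text below is
constructed and only REG_SZ string values are parsed."""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed `reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Run` output.
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"
"Updater"="C:\\Users\\user\\AppData\\Roaming\\svchost.exe"
"Helper"="\"C:\\Users\\user\\AppData\\Local\\Temp\\0f1e2d3c4b5a69788796a5b4c3d2e1f0.exe\""
'''

USER_WRITABLE = {"appdata", "temp", "programdata", "public", "downloads"}
SYSTEM_BINARIES = {"svchost.exe", "explorer.exe", "csrss.exe", "lsass.exe", "winlogon.exe"}
SYSTEM_DIRS = {"system32", "syswow64"}
HEX_NAME_RE = re.compile(r"^[0-9a-f]{32,64}\.exe$", re.IGNORECASE)
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<data>.*)"$')

@dataclass
class Finding:
    key: str
    name: str
    exe: str
    reasons: list

def unescape(s: str) -> str:
    """.reg files escape backslash and double quote with a backslash."""
    return re.sub(r'\\(["\\])', r'\1', s)

def parse_reg_export(text: str):
    """Yield (key, value_name, data) for each string value under each [key]."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group("key")
            continue
        vm = VALUE_RE.match(line)
        if vm and key:
            yield key, unescape(vm.group("name")), unescape(vm.group("data"))

def extract_exe(command: str) -> str:
    """Pull the executable path out of a Run-key command line, quoted or not."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r"(.+?\.exe)(?:\s|$)", command, re.IGNORECASE)
    return m.group(1) if m else command.split(" ", 1)[0]

def audit_run_keys(text: str):
    """Return a Finding for every Run-key entry that trips at least one heuristic."""
    findings = []
    for key, name, command in parse_reg_export(text):
        if not key.lower().endswith("\\run"):
            continue
        exe = extract_exe(command)
        parts = [p.lower().strip("\\") for p in PureWindowsPath(exe).parts]
        fname = parts[-1] if parts else ""
        reasons = []
        if set(parts) & USER_WRITABLE:
            reasons.append("binary in user-writable directory")
        if fname in SYSTEM_BINARIES and not (set(parts) & SYSTEM_DIRS):
            reasons.append("system binary name outside System32/SysWOW64")
        if HEX_NAME_RE.match(fname):
            reasons.append("hash-like file name")
        if reasons:
            findings.append(Finding(key, name, exe, reasons))
    return findings

if __name__ == "__main__":
    for f in audit_run_keys(SAMPLE_REG_EXPORT):
        print(f"{f.name}: {f.exe} -> {', '.join(f.reasons)}")
```

The heuristics are deliberately path-based rather than hash-based: a dropped copy of the stealer is usually renamed, so the location (AppData, Temp) and the name (a system process name or a random hex string) are what survive across variants, while the file hash in this report identifies only this one build.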

MITRE ATT&CK Enterprise v15

Tasks