General

  • Target

    64aeec4b3abe687d09c5202a40d8cfe8d1b431506d69c27a74215dcc3fbf870e

  • Size

    440KB

  • Sample

    241107-l1lxjszjez

  • MD5

    bdf3554e66522150f442e4e90216bb24

  • SHA1

    506281b2d97b684900e6fbb9447e591884b70322

  • SHA256

    64aeec4b3abe687d09c5202a40d8cfe8d1b431506d69c27a74215dcc3fbf870e

  • SHA512

    a1cf8367cf4b6891c4d0ab4525a8f4bd043e30f36d1f1baa4ccedd4036ce1251f096d150a9abcd1d63d51c829976749fc92c0ec8208b24899523457fc4746553

  • SSDEEP

    6144:KBy+bnr+Ip0yN90QEBE9gVIAhJteFeUMGrCKBz8bu6R33EF1njw3vyvbDMRcJshO:/MrEy90cgVReFeUM5uQ3s1nxinYWcZ

Malware Config

Extracted

  • Family

    redline

  • Botnet

    rodik

  • C2

    193.233.20.23:4124

  • Attributes

    auth_value: 59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • Target

      64aeec4b3abe687d09c5202a40d8cfe8d1b431506d69c27a74215dcc3fbf870e
    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks