General

  • Target

    b341b1b211e6012013b567a6d10cfdb62acbb55b37d37d9d45d1e9b163e63de4

  • Size

    440KB

  • Sample

    241107-l64dsa1akm

  • MD5

    a9b2ebf1d0119a82ca9981488f38fb42

  • SHA1

    0ebc2c6962ee343aa1b4255d6bf2ae929559fa3f

  • SHA256

    b341b1b211e6012013b567a6d10cfdb62acbb55b37d37d9d45d1e9b163e63de4

  • SHA512

    b03c4091ce11d1a45c88f4f8d35555b2324d041b71b3cfc7623d0b115a3d522a3ddf8bafba8d2478ed80909c2a8fa9be3c2296cb9d7fa09edd4bd49d0b7d8504

  • SSDEEP

    6144:Kdy+bnr+bp0yN90QEyY2GJKdWoUQo9QCMBzH7NwFYRobY2aWFhUXV+feNfN8/Juc:/MrXy90gVPFoJ6fNwvvIXVdz8/J5h1

Malware Config

Extracted

  • Family

    redline

  • Botnet

    rodik

  • C2

    193.233.20.23:4124

  • Attributes

    auth_value: 59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets


    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application
