General

  • Target

    a25544f479098fcd2ae91cd4508fcb4e65d94824cc30c46ebd5c3ac2495e41ec

  • Size

    433KB

  • Sample

    241107-lglsfayqcv

  • MD5

    16f71d6daa8dbbb1ede78faf38b3c3d1

  • SHA1

    e610e588f4678d58c0e1c4bfba3739d70a458cbf

  • SHA256

    a25544f479098fcd2ae91cd4508fcb4e65d94824cc30c46ebd5c3ac2495e41ec

  • SHA512

    91b1540cd142f483e14b913346c6bc05871eb52bdf6141d0c67d1ce8d274571ef7d18647aad7ef4386b5c80247f4018123737e4eadd9ffa31a1093b602402317

  • SSDEEP

    6144:KVy+bnr+up0yN90QEfOLizUC8SC8qPEbnrYdPirz/hYrTVjfS4lMP9c5GoHrFz8W:jMrKy90YSy8BYdPirzZiIiFFMLH4DD

Malware Config

Extracted

  • Family

    redline

  • Botnet

    rodik

  • C2

    193.233.20.23:4124

  • Attributes

    auth_value: 59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • Target

      a25544f479098fcd2ae91cd4508fcb4e65d94824cc30c46ebd5c3ac2495e41ec

    • Size

      433KB

    • MD5

      16f71d6daa8dbbb1ede78faf38b3c3d1

    • SHA1

      e610e588f4678d58c0e1c4bfba3739d70a458cbf

    • SHA256

      a25544f479098fcd2ae91cd4508fcb4e65d94824cc30c46ebd5c3ac2495e41ec

    • SHA512

      91b1540cd142f483e14b913346c6bc05871eb52bdf6141d0c67d1ce8d274571ef7d18647aad7ef4386b5c80247f4018123737e4eadd9ffa31a1093b602402317

    • SSDEEP

      6144:KVy+bnr+up0yN90QEfOLizUC8SC8qPEbnrYdPirz/hYrTVjfS4lMP9c5GoHrFz8W:jMrKy90YSy8BYdPirzZiIiFFMLH4DD

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks