General

  • Target: a15dc21ab1400f6cbea5b9e9a2529ee8bb619ef986605a171869c188b6f1d919
  • Size: 441KB
  • Sample: 241107-mmb1vs1ckl
  • MD5: 5843b2ef32c357eaf11dd59ba0958ff7
  • SHA1: fdf2127a5a1d779c19a7e858f6b3075691a11a80
  • SHA256: a15dc21ab1400f6cbea5b9e9a2529ee8bb619ef986605a171869c188b6f1d919
  • SHA512: b91d5d56a3eed0920af34ec15491f0e6e248d87e9a25800784ef24d6b4c6a8963f41915b07c4854a9e299ce96de2da5be5d7a7334ea4ebec433ca5263ec84351
  • SSDEEP: 6144:Kfy+bnr+4p0yN90QEIg4PJQbWq0EmKqAHzME/lvB9qo0tE03exCvpidWbW8Gr:9MrQy90eFq3CSQCZ+N3exoigbu

Malware Config

Extracted

  • Family: redline
  • Botnet: rodik
  • C2: 193.233.20.23:4124
  • Attributes
    • auth_value: 59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks