General

  • Target

    e747d740ea36dc68988d6662fc9161d97efb98ac8af648400d764c68dda9a4d9

  • Size

    433KB

  • Sample

    241107-mwgbya1dkn

  • MD5

    166e8f4ba1c46760aeb0cfa9dab3c7a3

  • SHA1

    18d09b30f8990f5a619e9af137213e91e52e8301

  • SHA256

    e747d740ea36dc68988d6662fc9161d97efb98ac8af648400d764c68dda9a4d9

  • SHA512

    acbb3383592bfbdd8177965029f47caf810f807ba9a778097fefc6de26f10a41381ea7dabb63647949750c997bcdf95cec71f3370090a93cac6f812adcc5a0dd

  • SSDEEP

    12288:oMrhy90S78bm8q4pif/DdRm19HgWMtMeJ:5yqmX7Dd0XA1t7J

Malware Config

Extracted

Family

redline

Botnet

rodik

C2

193.233.20.23:4124

Attributes

  • auth_value

    59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • Target

      e747d740ea36dc68988d6662fc9161d97efb98ac8af648400d764c68dda9a4d9

    • Size

      433KB

    • MD5

      166e8f4ba1c46760aeb0cfa9dab3c7a3

    • SHA1

      18d09b30f8990f5a619e9af137213e91e52e8301

    • SHA256

      e747d740ea36dc68988d6662fc9161d97efb98ac8af648400d764c68dda9a4d9

    • SHA512

      acbb3383592bfbdd8177965029f47caf810f807ba9a778097fefc6de26f10a41381ea7dabb63647949750c997bcdf95cec71f3370090a93cac6f812adcc5a0dd

    • SSDEEP

      12288:oMrhy90S78bm8q4pif/DdRm19HgWMtMeJ:5yqmX7Dd0XA1t7J

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application
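The extracted config (C2 193.233.20.23:4124 and the sample hashes above) and the "Adds Run key" behaviour are the parts of this report a responder can turn into detections. The following Python is an added example, not part of the sandbox report or the RedLine codebase: it holds those indicators and runs them over a few constructed telemetry lines (the log format, timestamps, paths and the Run value name are invented for the demo; the report does not give the key or value name the sample actually writes).

```python
import re

# Indicators copied from the report above (extracted config and file hashes).
C2_ENDPOINTS = {("193.233.20.23", 4124)}
SAMPLE_HASHES = {
    "md5": "166e8f4ba1c46760aeb0cfa9dab3c7a3",
    "sha1": "18d09b30f8990f5a619e9af137213e91e52e8301",
    "sha256": "e747d740ea36dc68988d6662fc9161d97efb98ac8af648400d764c68dda9a4d9",
}
HASH_LEN = {"md5": 32, "sha1": 40, "sha256": 64}

# Generic autostart keys behind the "Adds Run key" signature. The exact key and
# value name used by this sample are not in the report, so match the family.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\b", re.I)

# Parsers for the constructed log format used below (assumption, not a real product's format).
NET_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}):(\d+)\s*->\s*(\d{1,3}(?:\.\d{1,3}){3}):(\d+)")
HASH_RE = re.compile(r"\b(md5|sha1|sha256)=([0-9a-fA-F]+)")
REG_RE = re.compile(r"\bop=(\w+)\s+key=(\S+)")


def match_network(line):
    """Return the (ip, port) destination if it is a known C2 endpoint, else None."""
    m = NET_RE.search(line)
    if not m:
        return None
    dst = (m.group(3), int(m.group(4)))
    return dst if dst in C2_ENDPOINTS else None


def match_hash(line):
    """Return (alg, hash) if any hash field equals the sample's hash, else None."""
    for alg, value in HASH_RE.findall(line):
        alg, value = alg.lower(), value.lower()
        if len(value) != HASH_LEN[alg]:
            continue  # truncated or malformed field: do not compare prefixes
        if value == SAMPLE_HASHES[alg]:
            return (alg, value)
    return None


def match_run_key(line):
    """Return the key path if a value was written under a Run/RunOnce key, else None."""
    m = REG_RE.search(line)
    if not m or m.group(1).lower() not in ("setvalue", "createkey"):
        return None  # reads of the key are not persistence
    key = m.group(2)
    return key if RUN_KEY_RE.search(key) else None


def scan(lines):
    """Run every matcher over each line and return (index, kind, detail) hits."""
    hits = []
    for i, line in enumerate(lines):
        dst = match_network(line)
        if dst:
            hits.append((i, "c2_connection", "%s:%d" % dst))
        h = match_hash(line)
        if h:
            hits.append((i, "known_sample", "%s=%s" % h))
        key = match_run_key(line)
        if key:
            hits.append((i, "run_key_persistence", key))
    return hits


# Constructed telemetry for the demo; not output from the sandbox run.
SAMPLE_LOGS = [
    "2024-11-07T12:01:03Z net 10.0.0.15:49812 -> 193.233.20.23:4124 proto=tcp bytes=4120",
    "2024-11-07T12:01:04Z net 10.0.0.15:49813 -> 142.250.74.46:443 proto=tcp bytes=980",
    "2024-11-07T12:01:05Z file path=C:\\Users\\Public\\update.exe "
    "sha256=E747D740EA36DC68988D6662FC9161D97EFB98AC8AF648400D764C68DDA9A4D9",
    "2024-11-07T12:01:06Z reg op=SetValue "
    "key=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run value=update "
    "data=C:\\Users\\Public\\update.exe",
    "2024-11-07T12:01:07Z file path=C:\\Windows\\notepad.exe sha256=" + "0" * 64,
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOGS):
        print(hit)
```

The hash matcher deliberately refuses to compare a field whose length does not fit its algorithm, so a truncated hash in a log line can neither match nor be mistaken for a miss; the registry matcher only fires on writes, since reads of the Run key are routine. Port is part of the C2 match because the report gives one (4124); drop it if the operator rotates ports but keeps the address.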

MITRE ATT&CK Enterprise v15

Tasks