General

  • Target

    4b7b7b87366e23f9f3c8d5795f6a88a64c5616ea4b6c7400a3275c21bc5cd184

  • Size

    440KB

  • Sample

    241107-myfheszpcx

  • MD5

    b346bf632778e9e27a2ff4fd1e5a2fc3

  • SHA1

    b6f712c52e4d27c52d17cdccdb5a0efadb656192

  • SHA256

    4b7b7b87366e23f9f3c8d5795f6a88a64c5616ea4b6c7400a3275c21bc5cd184

  • SHA512

    9224e2c609ed6ea7b4586f5e247f57723b561d4aad8b61618ece9ceee8a970e201e44a469b4b15281e576ce5f84d1350289963d738680a7f425b14d83a7fb30b

  • SSDEEP

    6144:Kdy+bnr+Xp0yN90QEbY2GJKdWoUQo9QCMBzH7NwFYRobY2aWFhUXV+feNfN8/JuH:LMrTy90jVPFoJ6fNwvvIXVdz8/J5hgx

Malware Config

Extracted

Family

redline

Botnet

rodik

C2

193.233.20.23:4124

Attributes
  • auth_value

    59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks