General

  • Target

    e6cf8dc623d50ac657a81af5e4e11869fb36bd42cc1f1f33cfbf0f6e3285cdb8

  • Size

    433KB

  • Sample

    241107-nc3aqstncj

  • MD5

    a48b7dacf7bba6ac0fdb26d492895234

  • SHA1

    77653dbd77680024fa4cc6a2953f2a4804235619

  • SHA256

    e6cf8dc623d50ac657a81af5e4e11869fb36bd42cc1f1f33cfbf0f6e3285cdb8

  • SHA512

    2cdcbfbdadded089f14b70c42931acc61454456cd627ef6e5417aeebd9c15043a50bca4f884e9120c599b1ec0ef9099bf4be998d612b693ef99a130b1d2564cf

  • SSDEEP

    12288:tMr9y90FdMAFRlV87qmSQBVXgqeo9X4Ev:UyjAFRlCBcEv

Malware Config

Extracted

Family

redline

Botnet

rodik

C2

193.233.20.23:4124

Attributes
  • auth_value

    59b6e22e7cfd9b5fa0c99d1942f7c85d
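The indicators on this page (the four file hashes, the C2 host and port, and the RedLine auth_value) turned into checks a responder can run offline. This is an added example, not part of the sandbox report: it copies only values printed above; the log lines and the byte blobs it scans are constructed here for the demo, and the log field names (dst=, dpt=) and function names are assumptions, not any tool's own API.

```python
import hashlib
import re

# Indicators copied verbatim from the report on this page.
REPORT_HASHES = {
    "md5": "a48b7dacf7bba6ac0fdb26d492895234",
    "sha1": "77653dbd77680024fa4cc6a2953f2a4804235619",
    "sha256": "e6cf8dc623d50ac657a81af5e4e11869fb36bd42cc1f1f33cfbf0f6e3285cdb8",
    "sha512": "2cdcbfbdadded089f14b70c42931acc61454456cd627ef6e5417aeebd9c15043"
              "a50bca4f884e9120c599b1ec0ef9099bf4be998d612b693ef99a130b1d2564cf",
}
C2_HOST = "193.233.20.23"
C2_PORT = 4124
AUTH_VALUE = "59b6e22e7cfd9b5fa0c99d1942f7c85d"   # RedLine auth_value from the extracted config


def hash_lengths_ok(hashes=REPORT_HASHES) -> bool:
    """Sanity check before pasting IOCs into a blocklist: each digest must be
    lowercase hex of the right length, otherwise it was truncated or mis-copied."""
    expected = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
    return all(
        len(hashes[n]) == expected[n] and bool(re.fullmatch(r"[0-9a-f]+", hashes[n]))
        for n in expected
    )


def file_digests(data: bytes) -> dict:
    """The four digests the report lists, computed over the given bytes."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes) -> dict:
    """Which of the report's hashes the bytes match. For the real sample all
    four are True; a mixed result means one hash in the report was mis-copied."""
    digests = file_digests(data)
    return {name: digests[name] == REPORT_HASHES[name] for name in REPORT_HASHES}


# Loose tokenizers for firewall/proxy lines (assumed formats; adjust to yours).
# Lookarounds stop 193.233.20.23 from matching inside 193.233.20.230.
_IP_RE = re.compile(rf"(?<![\d.]){re.escape(C2_HOST)}(?![\d.])")
_PORT_RE = re.compile(rf"(?<!\d){C2_PORT}(?!\d)")


def classify_line(line: str):
    """'c2' when the C2 IP and its port both occur, 'ip_only' when just the
    IP does (same host, other port: still worth a look), else None.
    The port test is deliberately loose and only consulted after the IP hit."""
    if not _IP_RE.search(line):
        return None
    return "c2" if _PORT_RE.search(line) else "ip_only"


def scan_logs(lines):
    """(index, verdict) for every line that touched the C2 host."""
    hits = []
    for i, line in enumerate(lines):
        verdict = classify_line(line)
        if verdict:
            hits.append((i, verdict))
    return hits


def find_auth_value(data: bytes):
    """Encodings in which the auth_value occurs in a blob (memory dump,
    unpacked payload). RedLine is .NET, whose string literals are stored
    UTF-16LE; the ASCII form covers config dumps and network captures."""
    found = []
    if AUTH_VALUE.encode("ascii") in data:
        found.append("ascii")
    if AUTH_VALUE.encode("utf-16-le") in data:
        found.append("utf-16le")
    return found


# Constructed log lines for the demo (not from the report).
SAMPLE_LOGS = [
    "2024-11-07T12:01:05Z fw01 ACCEPT src=10.0.8.21 spt=51322 dst=193.233.20.23 dpt=4124 proto=TCP",
    "2024-11-07T12:01:09Z proxy CONNECT 193.233.20.23:4124 from 10.0.8.21",
    "2024-11-07T12:02:00Z fw01 ACCEPT src=10.0.8.30 spt=51400 dst=193.233.20.23 dpt=443 proto=TCP",
    "2024-11-07T12:03:11Z fw01 ACCEPT src=10.0.8.42 spt=4124 dst=93.184.216.34 dpt=443 proto=TCP",
]

if __name__ == "__main__":
    print("report hashes well-formed:", hash_lengths_ok())
    print("C2 hits:", scan_logs(SAMPLE_LOGS))
    blob = b"\x00\x01" + AUTH_VALUE.encode("utf-16-le") + b"\x00"
    print("auth_value in constructed blob:", find_auth_value(blob))
```

Point `matches_report` at the bytes of a file you believe is this sample before acting on the report: all four digests agreeing confirms you are looking at the same object the sandbox ran. The `ip_only` verdict exists because a host that served RedLine C2 on one port is worth reviewing on others, but a plain `4124` token elsewhere on a line is not evidence on its own.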

Targets

    • RedLine

      RedLine Stealer is an information-stealing malware family written in C# (.NET), first seen in early 2020. It harvests saved browser credentials, cookies, cryptocurrency wallet data and host information and sends them to the configured C2.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE (the sample writes a second executable to disk and runs it)

    • Adds Run key to start application (registry Run-key persistence, ATT&CK T1547.001)

MITRE ATT&CK Enterprise v15