General

  • Target

    e4edf6e392020beee8bc556c4e41d7d1e1d981e10b23b3681b9126e79d253b7d

  • Size

    440KB

  • Sample

    241107-ncawgs1eke

  • MD5

    df18e6f92f94d78f17d18f10bb0a0a2a

  • SHA1

    82e031961199c93c24bdda92e929e77d6d2e5fd1

  • SHA256

    e4edf6e392020beee8bc556c4e41d7d1e1d981e10b23b3681b9126e79d253b7d

  • SHA512

    54cf37c277c5209239b2a60336c81c27ae2781c5478b5db0e40b2e65d8319b73f952518463ce98e6f213dc4bcd15e3e7ade71ac8ef28b4e7914138f28131f5af

  • SSDEEP

    12288:DMryy90ixcr2wrrAOebAYs1zF6KqOP6goaGqNqH2/l4R:dy9crZrrAxsT6KqP6n/i
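
The four digests above identify the same 440KB file, so a host or fileshare sweep for this sample should hash each file once and compare against all of them. The script below is an added example, not part of the sandbox report: the digest table copies the values from this General section, while the scan root, file paths and the idea of merging several reports' IOC tables are assumptions. SSDEEP is a fuzzy hash that `hashlib` does not provide, so it is listed on the page but not matched here.

```python
"""Match files against the hash indicators listed in this report.

Added example, not sandbox output: the digests below are copied from the
report's General section; scan roots and paths are caller-supplied
assumptions.
"""
import hashlib
import io
import os

# Digests for this sample as listed on the page. SSDEEP is a fuzzy hash and
# is not available in hashlib, so it is not matched here.
REPORT_IOCS = {
    "md5": "df18e6f92f94d78f17d18f10bb0a0a2a",
    "sha1": "82e031961199c93c24bdda92e929e77d6d2e5fd1",
    "sha256": "e4edf6e392020beee8bc556c4e41d7d1e1d981e10b23b3681b9126e79d253b7d",
    "sha512": ("54cf37c277c5209239b2a60336c81c27ae2781c5478b5db0e40b2e65d8319b73"
               "f952518463ce98e6f213dc4bcd15e3e7ade71ac8ef28b4e7914138f28131f5af"),
}
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def ioc_digest_set(*ioc_tables):
    """Flatten one or more {algorithm: digest} tables into a lower-case set,
    so IOCs from several reports can be matched in one pass."""
    return {d.lower() for table in ioc_tables for d in table.values()}


def hash_stream(fh, chunk_size=1 << 20):
    """Read a binary stream once and feed every chunk to all four hashers."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in iter(lambda: fh.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data):
    """Convenience wrapper for in-memory data (used for self-checks)."""
    return hash_stream(io.BytesIO(data))


def hash_file(path):
    with open(path, "rb") as fh:
        return hash_stream(fh)


def match_iocs(digests, ioc_digests):
    """Return the algorithm names whose digest appears in the IOC set.

    A hit on md5 or sha1 alone is still a triage hit, but confirm it with the
    sha256 before acting: both older algorithms are collision-prone.
    """
    return sorted(name for name, value in digests.items()
                  if value.lower() in ioc_digests)


def scan_tree(root, ioc_digests):
    """Hash every regular file under root; return {path: [matching algorithms]}."""
    hits = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                digests = hash_file(path)
            except OSError:
                continue  # unreadable or vanished file: skip, do not abort the sweep
            matched = match_iocs(digests, ioc_digests)
            if matched:
                hits[path] = matched
    return hits


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, algs in scan_tree(root, ioc_digest_set(REPORT_IOCS)).items():
        print(f"{path}: matches report IOC on {', '.join(algs)}")
```

Run it as `python match_iocs.py /path/to/scan`. Reading each file once and updating all hashers per chunk keeps the sweep I/O-bound rather than hashing large files four times.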

Malware Config

Extracted

  • Family

    redline

  • Botnet

    rodik

  • C2

    193.233.20.23:4124

  • Attributes

      • auth_value

        59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • Target

      e4edf6e392020beee8bc556c4e41d7d1e1d981e10b23b3681b9126e79d253b7d

    • RedLine

      RedLine Stealer is an information-stealing malware family written in C# that first appeared in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application
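
The extracted config and the two behaviours above give three things to hunt for on an endpoint: a TCP connection to the C2 `193.233.20.23:4124`, a value written under a `CurrentVersion\Run` key, and a process launched from a user-writable drop directory. The triage script below is an added example and not the sandbox's own detection logic; its input is a constructed JSON-lines log whose field names mirror Sysmon event IDs 1, 3 and 13, and the drop-directory check is only an approximation of the sandbox's "Executes dropped EXE" signature, which also knows the file was written earlier in the run.

```python
"""Triage constructed Sysmon-style events against the indicators in this report.

Added example: the events below are constructed for illustration and are not
telemetry from the sandbox run described on this page.
"""
import json
import re

# Indicators taken from the report's extracted config.
C2_IP = "193.233.20.23"
C2_PORT = 4124

# Run / RunOnce keys under HKLM or any user hive (HKU\<SID>\...).
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
# User-writable drop locations; approximates "Executes dropped EXE", which in
# the sandbox also requires that the file was written earlier in the run.
DROP_DIR_RE = re.compile(
    r"\\(AppData\\Local\\Temp|AppData\\Roaming|ProgramData|Users\\Public)\\",
    re.IGNORECASE)

# Constructed JSON-lines log, one Sysmon-like record per line (not real telemetry).
SAMPLE_EVENTS = "\n".join([
    json.dumps({"EventID": 1, "ProcessId": 4120,
                "Image": r"C:\Users\victim\AppData\Local\Temp\setup.exe",
                "ParentImage": r"C:\Windows\explorer.exe"}),
    json.dumps({"EventID": 13, "ProcessId": 4120,
                "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
                "Details": r"C:\Users\victim\AppData\Local\Temp\setup.exe"}),
    json.dumps({"EventID": 3, "ProcessId": 4120, "Protocol": "tcp",
                "DestinationIp": "193.233.20.23", "DestinationPort": 4124}),
    json.dumps({"EventID": 3, "ProcessId": 880, "Protocol": "tcp",
                "DestinationIp": "93.184.216.34", "DestinationPort": 443}),
    json.dumps({"EventID": 1, "ProcessId": 5000,
                "Image": r"C:\Windows\System32\notepad.exe",
                "ParentImage": r"C:\Windows\explorer.exe"}),
])


def check_event(ev):
    """Return a list of (tag, detail) findings for one parsed event."""
    findings = []
    eid = ev.get("EventID")
    if (eid == 3 and ev.get("DestinationIp") == C2_IP
            and int(ev.get("DestinationPort", 0)) == C2_PORT):
        findings.append(("redline_c2",
                         f"{C2_IP}:{C2_PORT} from pid {ev.get('ProcessId')}"))
    elif eid == 13 and RUN_KEY_RE.search(ev.get("TargetObject", "")):
        findings.append(("run_key_persistence",
                         f"{ev['TargetObject']} = {ev.get('Details')}"))
    elif eid == 1 and DROP_DIR_RE.search(ev.get("Image", "")):
        findings.append(("exec_from_drop_dir", ev["Image"]))
    return findings


def triage(jsonl):
    """Parse JSON-lines events and collect findings, skipping malformed lines."""
    findings = []
    for line in jsonl.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # a bad line should not stop the rest of the log being triaged
        findings.extend(check_event(ev))
    return findings


if __name__ == "__main__":
    for tag, detail in triage(SAMPLE_EVENTS):
        print(f"[{tag}] {detail}")
```

The Run-key and drop-directory checks are deliberately generic: the C2 address will rotate between builds, but a RedLine payload that persists and runs from `%TEMP%` looks the same regardless of which `rodik`-style botnet it reports to, so those two rules keep catching siblings of this sample after the IP is dead.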

MITRE ATT&CK Enterprise v15