General

  • Target

    f07e5d4da81ce1b9dd868e62315e4e817f19318e9a8820be2f081ccd2956a0b1

  • Size

    433KB

  • Sample

    241107-nsyx9a1gmb

  • MD5

    59aec5b0f8ae9f8c5b54239948955f9d

  • SHA1

    bc6954c0cb85c3da7dda5fa68f2281ea823ea8b6

  • SHA256

    f07e5d4da81ce1b9dd868e62315e4e817f19318e9a8820be2f081ccd2956a0b1

  • SHA512

    2e395b421c91e5211e6186b7750172c5e1dc123b5b26e0cad436c2086517a9a383e95f04d6b8df2d00fadd2e782cbc30c54edf563f4a6a785fc89c7c86f9770c

  • SSDEEP

    6144:Kly+bnr+mp0yN90QERYCyep0NxrWVPXHDscBF0N7HiJvXdZwphWgDU6vNE:XMrqy90M9LNxS13DWiRNZwphWUUD

Malware Config

Extracted

Family

redline

Botnet

rodik

C2

193.233.20.23:4124

Attributes
  • auth_value

    59b6e22e7cfd9b5fa0c99d1942f7c85d
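The extracted configuration above (family, botnet tag, C2 endpoint, file hashes) is only useful once it is validated and turned into something detection tooling can consume. The following is an added example, not code from the Triage report or from RedLine itself: it sanity-checks the hash fields, parses the C2 string, emits a Suricata rule for outbound contact to the C2, and shows how to verify a local file against the reported SHA256. The rule SID, the helper names and the hostname fallback in `parse_c2` are my own assumptions.

```python
"""Validate and operationalise the indicators in the extracted RedLine configuration.

Added example; not code from the Triage report or from the malware family.
The Suricata SID and helper names below are assumptions chosen for illustration.
"""
import hashlib
import hmac
import ipaddress
import re

# Indicator values copied from the report above.
REPORT = {
    "family": "redline",
    "botnet": "rodik",
    "c2": "193.233.20.23:4124",
    "auth_value": "59b6e22e7cfd9b5fa0c99d1942f7c85d",
    "md5": "59aec5b0f8ae9f8c5b54239948955f9d",
    "sha1": "bc6954c0cb85c3da7dda5fa68f2281ea823ea8b6",
    "sha256": "f07e5d4da81ce1b9dd868e62315e4e817f19318e9a8820be2f081ccd2956a0b1",
    "ssdeep": "6144:Kly+bnr+mp0yN90QERYCyep0NxrWVPXHDscBF0N7HiJvXdZwphWgDU6vNE:XMrqy90M9LNxS13DWiRNZwphWUUD",
}

# Hex digest lengths; a hash field of the wrong length is a copy/paste error, not an IOC.
HASH_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
HEX_RE = re.compile(r"^[0-9a-f]+$")


def validate_hash(kind: str, value: str) -> bool:
    """True if value is a well-formed lowercase hex digest for the given algorithm."""
    return kind in HASH_LENGTHS and len(value) == HASH_LENGTHS[kind] and bool(HEX_RE.match(value))


def parse_c2(c2: str):
    """Split 'host:port' into (host, port, kind), where kind is 'ip' or 'domain'.

    RedLine configs normally carry a bare IP:port (as in this report); a hostname
    is accepted as an assumed fallback so the parser does not choke on other samples.
    """
    host, sep, port_s = c2.rpartition(":")
    if not sep or not port_s.isdigit():
        raise ValueError(f"malformed C2 string: {c2!r}")
    port = int(port_s)
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    try:
        return str(ipaddress.ip_address(host)), port, "ip"
    except ValueError:
        if not re.fullmatch(r"[A-Za-z0-9.-]+", host):
            raise ValueError(f"invalid C2 host: {host!r}")
        return host.lower(), port, "domain"


def parse_ssdeep(sig: str):
    """Return (blocksize, chunk, double_chunk) from an ssdeep signature."""
    blocksize, chunk, double_chunk = sig.split(":", 2)
    return int(blocksize), chunk, double_chunk


def ssdeep_comparable(sig_a: str, sig_b: str) -> bool:
    """ssdeep scores are only meaningful when block sizes are equal or differ by 2x."""
    a, b = parse_ssdeep(sig_a)[0], parse_ssdeep(sig_b)[0]
    return a == b or a == 2 * b or b == 2 * a


def suricata_rule(ip: str, port: int, sid: int, botnet: str) -> str:
    """Emit a Suricata rule for outbound TCP to the C2 (sid is an assumed local value)."""
    return (
        f"alert tcp $HOME_NET any -> {ip} {port} "
        f'(msg:"RedLine C2 contact, botnet {botnet}"; flow:to_server,established; '
        f"classtype:trojan-activity; sid:{sid}; rev:1;)"
    )


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def matches_sample(data: bytes, expected_sha256: str) -> bool:
    """Constant-time comparison of a local file's digest against the reported SHA256."""
    return hmac.compare_digest(sha256_hex(data), expected_sha256)


def build_iocs(report: dict, sid: int = 9000001) -> dict:
    """Validate the report fields and return a structured IOC bundle."""
    hashes = {k: report[k] for k in HASH_LENGTHS if k in report}
    bad = [k for k, v in hashes.items() if not validate_hash(k, v)]
    if bad:
        raise ValueError(f"malformed hash fields: {bad}")
    host, port, kind = parse_c2(report["c2"])
    return {
        "family": report["family"],
        "botnet": report["botnet"],
        "hashes": hashes,
        "c2": {"host": host, "port": port, "kind": kind},
        "suricata": suricata_rule(host, port, sid, report["botnet"]) if kind == "ip" else None,
    }


if __name__ == "__main__":
    import json
    print(json.dumps(build_iocs(REPORT), indent=2))
```

`matches_sample` uses `hmac.compare_digest` rather than `==` so that a verification service cannot be probed byte by byte; the ssdeep block-size check is there because comparing the report's `6144:` signature against a hash with an unrelated block size always scores zero and tells you nothing.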

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application
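The two behavioural signatures above, "Executes dropped EXE" and "Adds Run key to start application", are the kind of drop-then-run and Run-key persistence behaviour an endpoint detection should reproduce from its own telemetry. The following is an added example, not part of the Triage report and not Triage's own signature logic: it re-derives both signatures from a constructed, simplified Sysmon-style event trace (EventID 11 FileCreate, 1 ProcessCreate, 13 RegistryEvent value set). The paths, PIDs and timestamps are invented for illustration.

```python
"""Re-derive 'Executes dropped EXE' and 'Adds Run key to start application' from
Sysmon-style telemetry.

Added example; not code from the Triage report or from the sandbox's signature
engine. The event trace below is constructed and uses simplified Sysmon field names.
"""
import re

# Run, RunOnce and RunOnceEx under either HKLM or HKU/HKCU hives.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?(Ex)?\\", re.IGNORECASE)
DROPPED_EXT = (".exe", ".scr", ".com")

# Constructed telemetry: the sample writes a second executable to disk, launches it,
# and the child registers itself under HKCU\...\Run. A benign notepad launch and a
# .tmp write are included to show that ordinary activity does not trigger the rules.
EVENTS = [
    {"UtcTime": "2024-11-07T10:00:01", "EventID": 1, "ProcessId": 4100,
     "Image": r"C:\Users\victim\Downloads\sample.exe", "ParentImage": r"C:\Windows\explorer.exe"},
    {"UtcTime": "2024-11-07T10:00:02", "EventID": 11, "ProcessId": 4100,
     "TargetFilename": r"C:\Users\victim\AppData\Roaming\svc.exe"},
    {"UtcTime": "2024-11-07T10:00:02", "EventID": 11, "ProcessId": 4100,
     "TargetFilename": r"C:\Users\victim\AppData\Local\Temp\tmp1.tmp"},
    {"UtcTime": "2024-11-07T10:00:03", "EventID": 1, "ProcessId": 4212,
     "Image": r"C:\Users\victim\AppData\Roaming\svc.exe",
     "ParentImage": r"C:\Users\victim\Downloads\sample.exe"},
    {"UtcTime": "2024-11-07T10:00:04", "EventID": 13, "ProcessId": 4212,
     "TargetObject": r"HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Run\svc",
     "Details": r"C:\Users\victim\AppData\Roaming\svc.exe"},
    {"UtcTime": "2024-11-07T10:00:05", "EventID": 1, "ProcessId": 4300,
     "Image": r"C:\Windows\System32\notepad.exe", "ParentImage": r"C:\Windows\explorer.exe"},
]


def executes_dropped_exe(events):
    """Flag a ProcessCreate whose Image was written earlier in the same trace.

    The FileCreate must precede the ProcessCreate, so events are walked in time order
    and only executables already seen as dropped can match.
    """
    dropped = {}  # lowercase path -> FileCreate event that wrote it
    hits = []
    for ev in sorted(events, key=lambda e: e["UtcTime"]):
        if ev["EventID"] == 11 and ev["TargetFilename"].lower().endswith(DROPPED_EXT):
            dropped[ev["TargetFilename"].lower()] = ev
        elif ev["EventID"] == 1 and ev["Image"].lower() in dropped:
            hits.append({
                "image": ev["Image"],
                "pid": ev["ProcessId"],
                "dropped_by_pid": dropped[ev["Image"].lower()]["ProcessId"],
            })
    return hits


def adds_run_key(events):
    """Flag registry value-sets under a Run/RunOnce key and note whether the value
    points at a file dropped during the same trace (a stronger persistence signal)."""
    dropped_paths = {e["TargetFilename"].lower() for e in events if e["EventID"] == 11}
    hits = []
    for ev in events:
        if ev["EventID"] == 13 and RUN_KEY_RE.search(ev["TargetObject"]):
            details = ev.get("Details", "")
            hits.append({
                "key": ev["TargetObject"],
                "value": details,
                "pid": ev["ProcessId"],
                "points_to_dropped_file": details.strip('"').lower() in dropped_paths,
            })
    return hits


def triage_signatures(events):
    """Return the signature names, in the order the report lists them, that fire on the trace."""
    sigs = []
    if executes_dropped_exe(events):
        sigs.append("Executes dropped EXE")
    if adds_run_key(events):
        sigs.append("Adds Run key to start application")
    return sigs


if __name__ == "__main__":
    for sig in triage_signatures(EVENTS):
        print(sig)
```

Real Sysmon Run-key values often wrap the path in quotes or append arguments, so `adds_run_key` strips quotes before matching; for production use you would also resolve the dropped path through any rename (EventID 11 followed by a move) before the ProcessCreate lookup.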

MITRE ATT&CK Enterprise v15

Tasks