General

  • Target

    b76b1fc2db24e560b588016cacb56660fe63ff43d8a1dddde0acf711aa68f0dc

  • Size

    433KB

  • Sample

    241107-nxeeeasakq

  • MD5

    6cf1ce96ae596631afd0660fa77274be

  • SHA1

    64c3d0aa9613b35c9bed1eb3bf897007108a3dbb

  • SHA256

    b76b1fc2db24e560b588016cacb56660fe63ff43d8a1dddde0acf711aa68f0dc

  • SHA512

    25032df9f030dd56118f4ea75d789f469654692864279c4957cd8ab9d3ec9468769924836c5d15e093a37e526a0e80ac1925e6ee11fcfb4930bf3d3db651527d

  • SSDEEP

    12288:BMrxy90RdMAFRlV87qmSQBVXgqeo9X46OMIE/G9:My7AFRlCBc63t8

Malware Config

Extracted

Family

redline

Botnet

rodik

C2

193.233.20.23:4124

Attributes
  • auth_value

    59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • Target

      b76b1fc2db24e560b588016cacb56660fe63ff43d8a1dddde0acf711aa68f0dc

    • Size

      433KB

    • MD5

      6cf1ce96ae596631afd0660fa77274be

    • SHA1

      64c3d0aa9613b35c9bed1eb3bf897007108a3dbb

    • SHA256

      b76b1fc2db24e560b588016cacb56660fe63ff43d8a1dddde0acf711aa68f0dc

    • SHA512

      25032df9f030dd56118f4ea75d789f469654692864279c4957cd8ab9d3ec9468769924836c5d15e093a37e526a0e80ac1925e6ee11fcfb4930bf3d3db651527d

    • SSDEEP

      12288:BMrxy90RdMAFRlV87qmSQBVXgqeo9X46OMIE/G9:My7AFRlCBc63t8

    • RedLine

      RedLine Stealer is an information-stealing malware family written in C# (.NET), first observed in early 2020. It harvests saved browser credentials, cookies and cryptocurrency wallet data from the infected host and sends them to the C2 address extracted from its configuration (here 193.233.20.23:4124, botnet "rodik").

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application
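The extracted configuration and the two behavioural signatures above give a defender exactly two things to hunt for: network flows to the configured C2 and a new value written under a Run key. The following script is an added example, not part of the sandbox report or of RedLine itself. It assumes Zeek conn.log records and Sysmon Event ID 13 (RegistryEvent: Value Set) records exported one JSON object per line; the log lines are constructed for illustration, and only the C2 host/port and SHA256 are taken from the report.

```python
"""Hunt for this report's indicators over JSON log lines.

Added example; not part of the sandbox report or of the RedLine family.
Assumed input formats: Zeek conn.log as JSON (fields id.orig_h, id.resp_h,
id.resp_p, ...) and Sysmon Event ID 13 exported as JSON (fields EventID,
TargetObject, Details, Image). The sample lines below are constructed.
"""
import json
from typing import Iterable

# Indicators taken from the report's extracted config and hash set.
C2_HOST, C2_PORT = "193.233.20.23", 4124
SHA256 = "b76b1fc2db24e560b588016cacb56660fe63ff43d8a1dddde0acf711aa68f0dc"

# The report says the sample adds a Run key but does not name the value, so
# match on the key path (user hive via HKU\<SID>, machine hive via HKLM).
RUN_KEY_MARKERS = (
    "\\software\\microsoft\\windows\\currentversion\\run\\",
    "\\software\\microsoft\\windows\\currentversion\\runonce\\",
)


def match_c2(conn: dict) -> bool:
    """Zeek conn.log record: flag any flow whose responder is the C2 host:port."""
    return (conn.get("id.resp_h") == C2_HOST
            and int(conn.get("id.resp_p", 0)) == C2_PORT)


def match_run_key(ev: dict) -> bool:
    """Sysmon EID 13: flag a value written directly under a Run/RunOnce key."""
    if ev.get("EventID") != 13:
        return False
    target = ev.get("TargetObject", "").lower()
    return any(marker in target for marker in RUN_KEY_MARKERS)


def hunt(lines: Iterable[str]) -> list[dict]:
    """Return one hit per matching record, in input order; unparsable lines are skipped."""
    hits = []
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if "id.resp_h" in rec and match_c2(rec):
            hits.append({"reason": "redline_c2", "record": rec})
        elif match_run_key(rec):
            hits.append({"reason": "run_key_persistence", "record": rec})
    return hits


# Constructed sample input (not real telemetry): one C2 flow, one benign DNS
# flow, one Run-key write, one unrelated registry write, one garbled line.
SAMPLE_LOGS = [
    r'{"ts": 1730980000.1, "id.orig_h": "10.0.0.15", "id.orig_p": 49812, '
    r'"id.resp_h": "193.233.20.23", "id.resp_p": 4124, "proto": "tcp", "conn_state": "SF"}',
    r'{"ts": 1730980001.2, "id.orig_h": "10.0.0.15", "id.orig_p": 53120, '
    r'"id.resp_h": "8.8.8.8", "id.resp_p": 53, "proto": "udp", "conn_state": "SF"}',
    r'{"EventID": 13, "Image": "C:\\Users\\user\\AppData\\Local\\Temp\\updater.exe", '
    r'"TargetObject": "HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater", '
    r'"Details": "C:\\Users\\user\\AppData\\Local\\Temp\\updater.exe"}',
    r'{"EventID": 13, "Image": "C:\\Windows\\explorer.exe", '
    r'"TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders\\Common Desktop", '
    r'"Details": "C:\\Users\\Public\\Desktop"}',
    "this line is not json",
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOGS):
        rec = hit["record"]
        where = rec.get("TargetObject") or f'{rec.get("id.resp_h")}:{rec.get("id.resp_p")}'
        print(f'{hit["reason"]}: {where}')
```

The registry match is deliberately on the key path rather than the value name, because the report records only that a Run key was added; tighten it with the value name or the `Details` path once you have them from your own detonation. The C2 match is exact on host and port, so a rotated C2 address in a newer build will not fire; treat the `auth_value` and botnet name as the more stable way to tie a new config to this campaign.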

MITRE ATT&CK Enterprise v15

Tasks