General

  • Target

    d8c1227c83ecfca3b1a552fd858fee237ddd31ab4f43bf9179b463daff0be6b8

  • Size

    433KB

  • Sample

    241107-p4akgasfmn

  • MD5

    9c382a7b79ab5dc42e30adf75698b548

  • SHA1

    c5b399dae6fdab6536671ffca3d7c0f8f076fd1c

  • SHA256

    d8c1227c83ecfca3b1a552fd858fee237ddd31ab4f43bf9179b463daff0be6b8

  • SHA512

    b4927f950a8847a717da0c0ef2d1374def8336b4a9c5e0e7ccd3d9e62b6be63a81aeb600c324bb7a0d04e0ebf086833f5c5e1ffbe9c186f8412458923286f688

  • SSDEEP

    6144:Kty+bnr+Wp0yN90QE+OLizUC8SC8qPEbnrYdPirz/hYrTVjfS4lMP9c5GoHrFz8p:fMrCy90XSy8BYdPirzZiIiFFMLGS

Malware Config

Extracted

Family

redline

Botnet

rodik

C2

193.233.20.23:4124

Attributes
  • auth_value

    59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application
