General

  • Target

    4c8e53da1b9da5ff26f56c2738a7b70bf45fab640bc05141b01fb56b73f8fa76

  • Size

    442KB

  • Sample

    241107-pjxt9sscjc

  • MD5

    d59f3a6c669ead41a8a35a438534242e

  • SHA1

    1306649043d90cca959d6a242378276c290db4e8

  • SHA256

    4c8e53da1b9da5ff26f56c2738a7b70bf45fab640bc05141b01fb56b73f8fa76

  • SHA512

    e6b4b28fc4ad92c83c3cb0c7c25ff09040f87f1dc8634c1ad3e2b18bd0182ccd1d4a91ad4a4b18e20f5721a96a0f612f8fadf77cfdac530b32628326a40c1109

  • SSDEEP

    6144:K9y+bnr+dp0yN90QEWYNAIwIxpdfMQmVtgKZw8KDWClmo3AIoKEiBwajoKSB6Ss+:/Mrpy90wYvwOKVpKDWU3ZAKSDzTYI

Malware Config

Extracted

  • Family

    redline

  • Botnet

    rodik

  • C2

    193.233.20.23:4124

  • Attributes

    auth_value: 59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15