General

  • Target

    060aff951d7a0b79e7dcd76b0757ff70edcda6358b1eaf7bed4c7809b4d89325

  • Size

    433KB

  • Sample

    241107-pz7peasekd

  • MD5

    ca0d3baecc5f9781ddabd8a0d8a3a8c9

  • SHA1

    bf3c0c054f622a57572ff5da11ab8e8bd8883473

  • SHA256

    060aff951d7a0b79e7dcd76b0757ff70edcda6358b1eaf7bed4c7809b4d89325

  • SHA512

    5ef7f696495590c3bd25bfb94932b9309f7c4db089bf8d071d3c252e6f6a053c000f05a94e2fe34d631071312cc30137343bb0e00af19e81ae0c906d46aa51ee

  • SSDEEP

    6144:K8y+bnr+dp0yN90QEwZvzD13qCSQdokvJ1R8jiMexn8kz0nXvAZz0ljVczqxYpXm:8MrZy90G5zBvPudeFy/AZ1CYpXN0hd

Malware Config

Extracted

  • Family

    redline

  • Botnet

    rodik

  • C2

    193.233.20.23:4124

  • Attributes

    auth_value: 59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • Target

      060aff951d7a0b79e7dcd76b0757ff70edcda6358b1eaf7bed4c7809b4d89325

    • Size

      433KB

    • MD5

      ca0d3baecc5f9781ddabd8a0d8a3a8c9

    • SHA1

      bf3c0c054f622a57572ff5da11ab8e8bd8883473

    • SHA256

      060aff951d7a0b79e7dcd76b0757ff70edcda6358b1eaf7bed4c7809b4d89325

    • SHA512

      5ef7f696495590c3bd25bfb94932b9309f7c4db089bf8d071d3c252e6f6a053c000f05a94e2fe34d631071312cc30137343bb0e00af19e81ae0c906d46aa51ee

    • SSDEEP

      6144:K8y+bnr+dp0yN90QEwZvzD13qCSQdokvJ1R8jiMexn8kz0nXvAZz0ljVczqxYpXm:8MrZy90G5zBvPudeFy/AZ1CYpXN0hd

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks