General

  • Target

    527a1791ede3a2421a966b80bf425c748e588846e36b2d7f7bed0d0fe075e6f9

  • Size

    441KB

  • Sample

    241107-rh3p8ssqgv

  • MD5

    a01dc4ef42027bdeff45d4acf468b05d

  • SHA1

    de16a0b8b725bc9b0d5b7680bdc1621fb56930c8

  • SHA256

    527a1791ede3a2421a966b80bf425c748e588846e36b2d7f7bed0d0fe075e6f9

  • SHA512

    75081769341374a0afc3797d1960fff4ee568108b7a82d67bcd0e0574670bface6205898257679ffd4cdc17c5ecab1f40663f3f23c06d2542d33a6e699ddb5ad

  • SSDEEP

    6144:KQy+bnr+Vp0yN90QEoZSYt/66NNfxewt+qZb1D2N5a05uUmMPM/eyAac1XxEFbfI:kMr9y90M/ySN0hqZZIuiUDPcCbfsgw

Malware Config

Extracted

Family

redline

Botnet

rodik

C2

193.233.20.23:4124

Attributes
  • auth_value

    59b6e22e7cfd9b5fa0c99d1942f7c85d
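The hashes and the extracted RedLine config above are the indicators a responder would actually use. The script below is an added example (not part of the sandbox report or of any RedLine tooling) that turns them into checks: it hashes arbitrary file bytes and compares them with the report's four digests, searches data for the `auth_value` as both ASCII and UTF-16LE (the sample is a .NET binary, so in-memory strings are UTF-16LE), and flags connections to the listed C2 in a constructed connection log. The log format, the timestamps and the hosts in `SAMPLE_LOG` are constructed for the example; the hash values, C2 address and `auth_value` are copied from the report.

```python
"""IOC checks built from the RedLine indicators in the report above.

Example added here; the log lines and file bytes are constructed, while the
digests, the C2 endpoint and the auth_value are the report's own values.
"""
import hashlib
import re

# Digests of the analysed file (General section of the report).
REPORT_HASHES = {
    "md5": "a01dc4ef42027bdeff45d4acf468b05d",
    "sha1": "de16a0b8b725bc9b0d5b7680bdc1621fb56930c8",
    "sha256": "527a1791ede3a2421a966b80bf425c748e588846e36b2d7f7bed0d0fe075e6f9",
    "sha512": "75081769341374a0afc3797d1960fff4ee568108b7a82d67bcd0e0574670bface6205898257679ffd4cdc17c5ecab1f40663f3f23c06d2542d33a6e699ddb5ad",
}

# Extracted malware config (Malware Config section of the report).
C2_HOST = "193.233.20.23"
C2_PORT = 4124
AUTH_VALUE = "59b6e22e7cfd9b5fa0c99d1942f7c85d"


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256/sha512 hex digests of the given bytes."""
    return {name: getattr(hashlib, name)(data).hexdigest() for name in REPORT_HASHES}


def matches_sample(data: bytes) -> bool:
    """True only if every digest equals the report's value for this sample."""
    return hash_bytes(data) == REPORT_HASHES


def contains_auth_value(data: bytes) -> bool:
    """Search raw bytes (file, memory dump, decoded config) for auth_value.

    Checked as ASCII and as UTF-16LE because the sample is a .NET binary.
    Note: in the packed file on disk the config is usually encoded, so this
    is most useful against a process memory dump or an already-decoded config.
    """
    return (AUTH_VALUE.encode("ascii") in data
            or AUTH_VALUE.encode("utf-16-le") in data)


# Constructed log format for the example: "<ts> <src>:<sport> -> <dst>:<dport>"
_CONN_RE = re.compile(r"^(\S+)\s+(\S+):(\d+)\s+->\s+(\S+):(\d+)$")


def find_c2_connections(log_lines) -> list:
    """Return (timestamp, source_ip) for every connection to the report's C2."""
    hits = []
    for line in log_lines:
        m = _CONN_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the expected format
        ts, src, _sport, dst, dport = m.groups()
        if dst == C2_HOST and int(dport) == C2_PORT:
            hits.append((ts, src))
    return hits


# Constructed sample log: one benign flow, one to the C2 on the right port,
# one to the C2 host on a different port (not matched; the config names 4124).
SAMPLE_LOG = [
    "2024-11-07T12:00:00Z 10.0.0.5:51000 -> 93.184.216.34:443",
    "2024-11-07T12:00:01Z 10.0.0.5:51001 -> 193.233.20.23:4124",
    "2024-11-07T12:00:02Z 10.0.0.7:51002 -> 193.233.20.23:80",
]

if __name__ == "__main__":
    print("C2 hits:", find_c2_connections(SAMPLE_LOG))
    print("constructed bytes match sample:", matches_sample(b"constructed, not the sample"))
```

Matching all four digests rather than just MD5 guards against collision-based evasion of the weaker hashes; the C2 check deliberately keys on host and port together, since the report only documents 193.233.20.23:4124 and a different port on the same host may belong to unrelated infrastructure.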

Targets

    • Target

      527a1791ede3a2421a966b80bf425c748e588846e36b2d7f7bed0d0fe075e6f9

    • Size

      441KB

    • MD5

      a01dc4ef42027bdeff45d4acf468b05d

    • SHA1

      de16a0b8b725bc9b0d5b7680bdc1621fb56930c8

    • SHA256

      527a1791ede3a2421a966b80bf425c748e588846e36b2d7f7bed0d0fe075e6f9

    • SHA512

      75081769341374a0afc3797d1960fff4ee568108b7a82d67bcd0e0574670bface6205898257679ffd4cdc17c5ecab1f40663f3f23c06d2542d33a6e699ddb5ad

    • SSDEEP

      6144:KQy+bnr+Vp0yN90QEoZSYt/66NNfxewt+qZb1D2N5a05uUmMPM/eyAac1XxEFbfI:kMr9y90M/ySN0hqZZIuiUDPcCbfsgw

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks