General

  • Target: 34429e12fba0a65f20d57980efb3e5438b8779055344e2af309876fccbcb5e20
  • Size: 441KB
  • Sample: 241107-rrls3stfrd
  • MD5: 497138bb6f36adc402dc8bb91b4357ca
  • SHA1: 07d81f01bbc4fb4a232a9f814e048d42af755d54
  • SHA256: 34429e12fba0a65f20d57980efb3e5438b8779055344e2af309876fccbcb5e20
  • SHA512: 31944b8350e4c97976d48aa5862f58fb0ad8a185678f244d3ee55954972fda132ac3f35d7a6bb75e2c349335a5fb6b950639517422618ecf91c41f507ed3f014
  • SSDEEP: 12288:IMrey90zfxfEASjtv3p+2wj25s5hBYQalg:Wy4xfEJojIeYQalg

Malware Config

Extracted

  • Family: redline
  • Botnet: rodik
  • C2: 193.233.20.23:4124
  • Attributes
    • auth_value: 59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Redline family
    • Executes dropped EXE
    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks