General

  • Target

    cdf38b929835cd662f67af880fe99270252ce702f07ed12d6c599190a6502834

  • Size

    442KB

  • Sample

    241110-12v9yawhpf

  • MD5

    031dcaf165d47e43d03964ff3eb43562

  • SHA1

    fd29db497fe6e8eef7821c72bb30435357e4b7d0

  • SHA256

    cdf38b929835cd662f67af880fe99270252ce702f07ed12d6c599190a6502834

  • SHA512

    38d2e8052602030bd4c180a5563ce5c2b5b8a405c10fb97ba5491d4bd05b5f7cd75eee25c2875aabaf24d47356e28c215455fb79dfb09f3af85c8c8afb26f878

  • SSDEEP

    12288:QMrgy900xQih1l5eJwD7ob0ZR0DC/7az5pEBD17:gy1h1HeJwD7oocealCBDl

Malware Config

Extracted

Family

redline

Botnet

rodik

C2

193.233.20.23:4124

Attributes
  • auth_value

    59b6e22e7cfd9b5fa0c99d1942f7c85d
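To turn the extracted configuration above into something a hunt team can run, the following is an added Python example (not part of the sandbox report and not code from the RedLine family itself). It bundles the indicators listed on this page (file digests, C2 host and port, botnet ID, auth_value) and matches them against three kinds of input: the bytes of a candidate file, a Zeek conn.log excerpt, and a raw memory blob. The conn.log lines and the blob passed to it are constructed for the example, not data from the sandbox run.

```python
import csv
import hashlib
import io

# Indicators copied from the report above (RedLine sample 241110-12v9yawhpf).
REPORT_IOCS = {
    "hashes": {
        "md5": "031dcaf165d47e43d03964ff3eb43562",
        "sha1": "fd29db497fe6e8eef7821c72bb30435357e4b7d0",
        "sha256": "cdf38b929835cd662f67af880fe99270252ce702f07ed12d6c599190a6502834",
        "sha512": "38d2e8052602030bd4c180a5563ce5c2b5b8a405c10fb97ba5491d4bd05b5f7c"
                  "d75eee25c2875aabaf24d47356e28c215455fb79dfb09f3af85c8c8afb26f878",
    },
    "c2_host": "193.233.20.23",
    "c2_port": 4124,
    "botnet": "rodik",
    "auth_value": "59b6e22e7cfd9b5fa0c99d1942f7c85d",
}


def file_hashes(data: bytes) -> dict:
    """Compute the four digests the report lists, as lower-case hex."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def match_file(data: bytes, iocs=REPORT_IOCS) -> list:
    """Names of the digests that equal the report's values.

    Any one match identifies an exact copy of this sample. A repacked or
    otherwise modified build matches none of them, which is why the
    behavioural signatures further down the page matter as well."""
    ours = file_hashes(data)
    return [name for name, value in iocs["hashes"].items() if ours[name] == value.lower()]


# Constructed Zeek conn.log excerpt (tab separated, header included); not real traffic.
SAMPLE_CONN_LOG = """\
ts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto
1731240001.1\tC1\t10.0.0.15\t49812\t193.233.20.23\t4124\ttcp
1731240002.2\tC2\t10.0.0.15\t49813\t142.250.74.78\t443\ttcp
1731240003.3\tC3\t10.0.0.22\t51000\t193.233.20.23\t443\ttcp
"""


def match_connections(conn_log: str, iocs=REPORT_IOCS) -> list:
    """Flag connections to the extracted C2.

    host:port is the high-confidence hit. A match on the host alone is still
    surfaced at lower confidence, since the same server may serve other ports."""
    hits = []
    for row in csv.DictReader(io.StringIO(conn_log), delimiter="\t"):
        if row["id.resp_h"] != iocs["c2_host"]:
            continue
        exact = int(row["id.resp_p"]) == iocs["c2_port"]
        hits.append({
            "uid": row["uid"],
            "src": row["id.orig_h"],
            "dst": f'{row["id.resp_h"]}:{row["id.resp_p"]}',
            "confidence": "high" if exact else "medium",
        })
    return hits


def config_markers(blob: bytes, iocs=REPORT_IOCS) -> list:
    """Which extracted config values occur verbatim in `blob`.

    Meant for a decoded configuration or a memory dump of the running stealer.
    .NET keeps strings as UTF-16LE in memory, so both encodings are checked.
    On the sample as it sits on disk the config strings are obfuscated, so an
    empty result here proves nothing on its own."""
    needles = {
        "c2": f'{iocs["c2_host"]}:{iocs["c2_port"]}',
        "botnet": iocs["botnet"],
        "auth_value": iocs["auth_value"],
    }
    found = []
    for name, value in needles.items():
        if value.encode("utf-8") in blob or value.encode("utf-16-le") in blob:
            found.append(name)
    return found
```

Run `match_file(open(path, "rb").read())` on a suspected copy; a non-empty list is a confirmed hit, an empty one only means it is not this exact build. `match_connections` takes the text of a conn.log (header row included) and returns one record per connection to the C2 host.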

Targets

    • Target

      cdf38b929835cd662f67af880fe99270252ce702f07ed12d6c599190a6502834

    • Size

      442KB

    • MD5

      031dcaf165d47e43d03964ff3eb43562

    • SHA1

      fd29db497fe6e8eef7821c72bb30435357e4b7d0

    • SHA256

      cdf38b929835cd662f67af880fe99270252ce702f07ed12d6c599190a6502834

    • SHA512

      38d2e8052602030bd4c180a5563ce5c2b5b8a405c10fb97ba5491d4bd05b5f7cd75eee25c2875aabaf24d47356e28c215455fb79dfb09f3af85c8c8afb26f878

    • SSDEEP

      12288:QMrgy900xQih1l5eJwD7ob0ZR0DC/7az5pEBD17:gy1h1HeJwD7oocealCBDl

    • RedLine

      RedLine Stealer is an information-stealing malware family written in C# (.NET), first observed in early 2020. It harvests saved browser credentials, cookies and autofill data, cryptocurrency wallet files and other local secrets and sends them to the operator's C2, which in this sample is 193.233.20.23:4124.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application (persistence via a Run key, ATT&CK T1547.001: Registry Run Keys / Startup Folder)
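The last two signatures describe behaviour rather than bytes, so they survive repacking where the hashes above do not. The following is an added Python example (not the sandbox's own detection logic and not from this report) that implements both as rules over Sysmon-style events: "Executes dropped EXE" fires when a process is started from a path that an earlier FileCreate (Event 11) wrote, and "Adds Run key to start application" fires when a RegistrySetValue (Event 13) under a Run/RunOnce key points at a dropped file or at a user-writable location. The event field names follow Sysmon's conventions; the events themselves are constructed for the example and are not taken from this sample's run.

```python
import re

RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
# Locations a non-admin user can write to. A Run entry pointing here deserves a
# look; one pointing into Program Files is usually an installer doing its job.
USER_WRITABLE = re.compile(
    r"^[A-Z]:\\(Users\\[^\\]+\\(AppData|Downloads|Desktop|Documents)"
    r"|Windows\\Temp|ProgramData|Users\\Public)\\",
    re.IGNORECASE,
)

# Constructed Sysmon-style events (1 = ProcessCreate, 11 = FileCreate,
# 13 = RegistrySetValue). Not from the sandbox run above.
SAMPLE_EVENTS = [
    {"EventID": 1, "UtcTime": "2024-11-10 12:00:01", "ProcessGuid": "{A}",
     "Image": r"C:\Users\victim\Downloads\invoice.exe"},
    {"EventID": 11, "UtcTime": "2024-11-10 12:00:03", "ProcessGuid": "{A}",
     "Image": r"C:\Users\victim\Downloads\invoice.exe",
     "TargetFilename": r"C:\Users\victim\AppData\Local\Temp\svchost.exe"},
    {"EventID": 1, "UtcTime": "2024-11-10 12:00:04", "ProcessGuid": "{B}",
     "Image": r"C:\Users\victim\AppData\Local\Temp\svchost.exe"},
    {"EventID": 13, "UtcTime": "2024-11-10 12:00:05", "ProcessGuid": "{B}",
     "Image": r"C:\Users\victim\AppData\Local\Temp\svchost.exe",
     "TargetObject": r"HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\Run\svchost",
     "Details": r'"C:\Users\victim\AppData\Local\Temp\svchost.exe" /silent'},
    # Benign noise: an installer registering a tray app that lives under Program Files.
    {"EventID": 13, "UtcTime": "2024-11-10 12:10:00", "ProcessGuid": "{C}",
     "Image": r"C:\Program Files\Vendor\setup.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorTray",
     "Details": r'"C:\Program Files\Vendor\tray.exe"'},
]


def first_path(details: str) -> str:
    """Extract the executable path from a Run value's data.

    Handles the quoted form (path in double quotes, optional arguments after
    it) and an unquoted single token. Known limitation: an unquoted path that
    contains spaces is cut at the first space."""
    details = details.strip()
    if details.startswith('"'):
        end = details.find('"', 1)
        return details[1:end] if end > 0 else details[1:]
    return details.split(" ", 1)[0]


def dropped_executables(events) -> dict:
    """Lower-cased path -> time of the first FileCreate (Event 11) of a .exe."""
    out = {}
    for ev in events:
        if ev["EventID"] == 11 and ev["TargetFilename"].lower().endswith(".exe"):
            out.setdefault(ev["TargetFilename"].lower(), ev["UtcTime"])
    return out


def executes_dropped_exe(events) -> list:
    """ProcessCreate whose image was written earlier in the same trace."""
    dropped = dropped_executables(events)
    alerts = []
    for ev in events:
        if ev["EventID"] != 1:
            continue
        written_at = dropped.get(ev["Image"].lower())
        if written_at is not None and ev["UtcTime"] >= written_at:
            alerts.append({"rule": "Executes dropped EXE", "time": ev["UtcTime"],
                           "process": ev["ProcessGuid"], "image": ev["Image"]})
    return alerts


def adds_run_key(events) -> list:
    """Run/RunOnce value set to a dropped file or a user-writable path."""
    dropped = dropped_executables(events)
    alerts = []
    for ev in events:
        if ev["EventID"] != 13 or not RUN_KEY.search(ev["TargetObject"]):
            continue
        target = first_path(ev["Details"])
        if target.lower() in dropped or USER_WRITABLE.match(target):
            alerts.append({"rule": "Adds Run key to start application", "time": ev["UtcTime"],
                           "process": ev["ProcessGuid"], "key": ev["TargetObject"],
                           "target": target})
    return alerts


def detect(events) -> list:
    """Run both rules and return the alerts in time order."""
    return sorted(executes_dropped_exe(events) + adds_run_key(events), key=lambda a: a["time"])
```

On the constructed trace `detect(SAMPLE_EVENTS)` returns two alerts, both for process `{B}`, and stays silent on the vendor installer because its Run value points into Program Files and was not written during the trace. Feeding it real Sysmon data means mapping your log pipeline's field names onto `EventID`, `UtcTime`, `ProcessGuid`, `Image`, `TargetFilename`, `TargetObject` and `Details`.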

MITRE ATT&CK Enterprise v15

Tasks