General

  • Target

    e540910594704ba021f3a6e50bc73891c79f2b13d6d6169743a0799a0b8ffda0

  • Size

    433KB

  • Sample

    241110-y5q4aavcmd

  • MD5

    dd9bbe1476eba8a8e353dcebbaea2724

  • SHA1

    d6814c32ef9586800eb524a28bfcc6866815d155

  • SHA256

    e540910594704ba021f3a6e50bc73891c79f2b13d6d6169743a0799a0b8ffda0

  • SHA512

    08aaf32ef7f12c3548d17d6de2c5bd5241c6c72103aeeb84c9bc3fcccd65461d41978efbb7d5da3f5d4b6444e844b69310d2e3894dff87f2f11493233f7d541e

  • SSDEEP

    6144:K/y+bnr+dp0yN90QE7ZvzD13qCSQdokvJ1R8jiMexn8kz0nXvAZz0ljVczqxYMX7:JMrJy90/5zBvPudeFy/AZ1CYMXyCRJ

Malware Config

Extracted

Family

redline

Botnet

rodik

C2

193.233.20.23:4124

Attributes

  • auth_value

    59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks