General

  • Target

    9d914eb0057c810e712fdb2b1f0d4c7e7588e3f91ec2ba4467525171f2ba86bc

  • Size

    442KB

  • Sample

    241110-ymbkwaxjgj

  • MD5

    39d245351a21fd8953fa2d0b786901ee

  • SHA1

    3a3eaff757ec53a3b483ee78d7784bf149540407

  • SHA256

    9d914eb0057c810e712fdb2b1f0d4c7e7588e3f91ec2ba4467525171f2ba86bc

  • SHA512

    7bd73d6677d5e2ddf31b1dd95bc33fd3c00b321fcee02ba41fc9ed56f5b2fad58badc38ed0cc8315586cefaafd1bcaecc5981b5fa38da45db3ad08984503ef69

  • SSDEEP

    12288:SMrly90dxQih1l5eJwD7ob0ZR0DC/oaz0oHIN8:fyQh1HeJwD7oocpa4RS

Malware Config

Extracted

Family

redline

Botnet

rodik

C2

193.233.20.23:4124

Attributes
  • auth_value

    59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • Target

      9d914eb0057c810e712fdb2b1f0d4c7e7588e3f91ec2ba4467525171f2ba86bc

    • Size

      442KB

    • MD5

      39d245351a21fd8953fa2d0b786901ee

    • SHA1

      3a3eaff757ec53a3b483ee78d7784bf149540407

    • SHA256

      9d914eb0057c810e712fdb2b1f0d4c7e7588e3f91ec2ba4467525171f2ba86bc

    • SHA512

      7bd73d6677d5e2ddf31b1dd95bc33fd3c00b321fcee02ba41fc9ed56f5b2fad58badc38ed0cc8315586cefaafd1bcaecc5981b5fa38da45db3ad08984503ef69

    • SSDEEP

      12288:SMrly90dxQih1l5eJwD7ob0ZR0DC/oaz0oHIN8:fyQh1HeJwD7oocpa4RS

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks