General

  • Target

    fd922b46cc103fd4fe097a7cf65950f79e8fcbb4e04dfc7222f95822730da2e4

  • Size

    433KB

  • Sample

    241110-yxjz1avbjc

  • MD5

    9143d5af8e8e2af96b3fd323585fdb71

  • SHA1

    54f7eaf29d1300250e9a8cab81a9ba7bcf12a9c4

  • SHA256

    fd922b46cc103fd4fe097a7cf65950f79e8fcbb4e04dfc7222f95822730da2e4

  • SHA512

    8a7b067e30d6dd21a289b22bb024d27f1f21c7e320ada582a35f199a0b8daa841067ff90540307cc5f720ced482841d2a861168f5407f571b6f73f1e19fc64c7

  • SSDEEP

    6144:Kby+bnr+1p0yN90QEub0ZkVFIhHvxg6SdVljJbjT+KMAEBovy6GWOIU6L+S:9MrRy90A4iSvxgb3l9VXE+vbGfh66S

Malware Config

Extracted

Family

redline

Botnet

rodik

C2

193.233.20.23:4124

Attributes

  • auth_value

    59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15