General

  • Target: baabeda663a64710190410b1366b3d9659dbbdaaf94e59b7dbf7cd01ada27caf
  • Size: 441KB
  • Sample: 241110-ze3j3avbmj
  • MD5: 6501689f720753d05145113a092f3db7
  • SHA1: 2ada73eee32670537011a58474241efe6febf4d0
  • SHA256: baabeda663a64710190410b1366b3d9659dbbdaaf94e59b7dbf7cd01ada27caf
  • SHA512: 0b40e9d3f91c1b3e0581af93aa088a63b02b6f2212659c8e7694d063b7901a2094c8b1cd88be8a7cbbe2068ec3171b640a999b511a1a2cf766c2773a3a344e67
  • SSDEEP: 12288:gMrvy90Oxcr2wrrAOebAYs1zF6KqOP6goaGqNe6:/ytcrZrrAxsT6KqP6X

Malware Config

Extracted

  • Family: redline
  • Botnet: rodik
  • C2: 193.233.20.23:4124
  • Attributes
      • auth_value: 59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Redline family
    • Executes dropped EXE
    • Adds Run key to start application

MITRE ATT&CK Enterprise v15