General

  • Target

    cd115bc15a94ec754f209ab18f4fc1481d09f61692572dba1779c1214aa0786a

  • Size

    433KB

  • Sample

    241110-zej3qatqaw

  • MD5

    fb3587f8487f765d6e8dca5e648ebaf2

  • SHA1

    ce836c1733e78a9f008941d2cedfcead3d9d053f

  • SHA256

    cd115bc15a94ec754f209ab18f4fc1481d09f61692572dba1779c1214aa0786a

  • SHA512

    92ee704acd0571528f28ce8c035b0c24609fbc60538f431dbfcb8a69ce1417995ba8cb0d6552e9e2683d066fa7dfb6cb0a724519eec5d8676eeb5e449a930894

  • SSDEEP

    6144:KQy+bnr+Np0yN90QE5b0ZkVFIhHvxg6SdVljJbjT+KMAEBovy6GWOIUZE:gMrJy9034iSvxgb3l9VXE+vbGfhZE

Malware Config

Extracted

Family

redline

Botnet

rodik

C2

193.233.20.23:4124

Attributes
  • auth_value

    59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • Target

      cd115bc15a94ec754f209ab18f4fc1481d09f61692572dba1779c1214aa0786a

    • Size

      433KB

    • MD5

      fb3587f8487f765d6e8dca5e648ebaf2

    • SHA1

      ce836c1733e78a9f008941d2cedfcead3d9d053f

    • SHA256

      cd115bc15a94ec754f209ab18f4fc1481d09f61692572dba1779c1214aa0786a

    • SHA512

      92ee704acd0571528f28ce8c035b0c24609fbc60538f431dbfcb8a69ce1417995ba8cb0d6552e9e2683d066fa7dfb6cb0a724519eec5d8676eeb5e449a930894

    • SSDEEP

      6144:KQy+bnr+Np0yN90QE5b0ZkVFIhHvxg6SdVljJbjT+KMAEBovy6GWOIUZE:gMrJy9034iSvxgb3l9VXE+vbGfhZE

    • RedLine

      RedLine Stealer is an information-stealing malware family written in C#, first observed in early 2020. It harvests browser credentials, cookies, autofill data and crypto-wallet files and ships them to the configured C2.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application
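
The extracted config (C2 193.233.20.23:4124) and the "Adds Run key to start application" signature above are the two indicators a responder would hunt for first. The following is an added example, not part of the sandbox report: it turns those indicators into a small matcher over network and registry telemetry. The Zeek conn.log rows and Sysmon Event ID 13 records are constructed for illustration, and the column order and field names are assumptions about those log formats.

```python
"""Hunt for the indicators extracted above: the RedLine C2 endpoint and the
Run-key persistence signature. Added example; all log data is constructed."""
import ipaddress
import re

# Indicators copied from the report.
C2_ENDPOINT = "193.233.20.23:4124"
AUTH_VALUE = "59b6e22e7cfd9b5fa0c99d1942f7c85d"
SHA256 = "cd115bc15a94ec754f209ab18f4fc1481d09f61692572dba1779c1214aa0786a"

# ...\Software\Microsoft\Windows\CurrentVersion\Run or RunOnce, any hive, case-insensitive.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)


def parse_c2(endpoint: str) -> tuple[str, int]:
    """Split 'ip:port' and validate both halves; raises ValueError on bad input."""
    host, sep, port = endpoint.rpartition(":")
    if not sep:
        raise ValueError(f"no port in {endpoint!r}")
    ipaddress.ip_address(host)          # ValueError if not an IP literal
    port_num = int(port)
    if not 0 < port_num < 65536:
        raise ValueError(f"port out of range: {port}")
    return host, port_num


def match_conn_log(lines: list[str], endpoint: str = C2_ENDPOINT) -> list[str]:
    """Return the uids of Zeek conn.log rows whose responder is the C2 host:port.

    Assumed tab-separated column order:
    ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto
    """
    host, port = parse_c2(endpoint)
    hits = []
    for line in lines:
        if line.startswith("#"):        # Zeek header/comment rows
            continue
        f = line.rstrip("\n").split("\t")
        if len(f) < 7:
            continue
        if f[4] == host and f[5] == str(port):
            hits.append(f[1])
    return hits


def match_run_key_events(events: list[dict]) -> list[dict]:
    """Sysmon Event ID 13 (registry value set) records that write a Run/RunOnce key."""
    return [
        e for e in events
        if e.get("EventID") == 13 and RUN_KEY_RE.search(e.get("TargetObject", ""))
    ]


# Constructed sample data (not from the sandbox run).
SAMPLE_CONN_LOG = [
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto",
    "1731240001.1\tCabc1\t10.0.0.5\t49812\t193.233.20.23\t4124\ttcp",
    "1731240002.3\tCabc2\t10.0.0.5\t49813\t142.250.74.206\t443\ttcp",
    "1731240003.9\tCabc3\t10.0.0.7\t51000\t193.233.20.23\t80\ttcp",   # same host, wrong port
]

SAMPLE_REGISTRY_EVENTS = [
    {"EventID": 13, "Image": "C:\\Users\\user\\AppData\\Local\\Temp\\dropped.exe",
     "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\dropped",
     "Details": "C:\\Users\\user\\AppData\\Local\\Temp\\dropped.exe"},
    {"EventID": 13, "Image": "C:\\Windows\\explorer.exe",
     "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 12, "Image": "C:\\Users\\user\\AppData\\Local\\Temp\\dropped.exe",  # key created, no value set
     "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"},
]

if __name__ == "__main__":
    print("C2 connections:", match_conn_log(SAMPLE_CONN_LOG))
    for ev in match_run_key_events(SAMPLE_REGISTRY_EVENTS):
        print("Run key write:", ev["Image"], "->", ev["TargetObject"])
```

Matching on host and port together matters here: the same address may serve several RedLine builds on different ports, and a port-only match would be noisy. The Run-key check keys on Event ID 13 (value set) rather than 12 (key created), because the persistence is established by the value pointing at the dropped executable, not by the key existing.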

MITRE ATT&CK Enterprise v15

Tasks