General

  • Target

    3854007d40765763d50ff5662cb750c2e025114ebf640aacf39ddb5f91017021.exe

  • Size

    433KB

  • Sample

    241110-zrznyavjez

  • MD5

    59ce7e4c5061f552cea116b4335a08cf

  • SHA1

    8334384bc468bba1f907ff43df0beb1b30ad9cea

  • SHA256

    3854007d40765763d50ff5662cb750c2e025114ebf640aacf39ddb5f91017021

  • SHA512

    3374d7d5ecd3647955a2cd91a29ef88980d54f4edffe00a98ea2a4dd4e5aa9e0ced94a6f08a3925de09cb5ae48ad37b8b6cbff604e1253184718399fa2309ee8

  • SSDEEP

    6144:KFy+bnr+ap0yN90QEBQ0WHWC+dbx1A59C7ai4Y3HaBWAeDMLu5/z8mSD8G:LMrWy90cWCWbxy59C7a3Y3PfMLmWD8G

Malware Config

  • Extracted

    Family: redline

    Botnet: rodik

    C2: 193.233.20.23:4124

  • Attributes

    auth_value: 59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks