General

  • Target

    2d24d0bad25511d5f074b91ec7e472fa18f18fa4b848f8eef988d5dda7b94249

  • Size

    435KB

  • Sample

    241111-d4lf7avqbq

  • MD5

    f3382cfd60e409d07b661c99d8ca69f3

  • SHA1

    07a9bc601ef3da50b02a391087c7ff1d5f289e7e

  • SHA256

    2d24d0bad25511d5f074b91ec7e472fa18f18fa4b848f8eef988d5dda7b94249

  • SHA512

    887063927174dca2af7f63e020905833c5915d3fb50e50f6d71ce2975a3b3e17b4fcf5d7139462e84b71b0b09473a23e4b6fb196a4fab9601c1f5c7d8910b509

  • SSDEEP

    12288:GMrWy90Mz7+yhqiE4DKjtRkJQY0jX03yUv5:Yy32gqnRjtRkJX0Y3ys

Malware Config

Extracted

Family

redline

Botnet

rodik

C2

193.233.20.23:4124

Attributes

  • auth_value

    59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • Target

      2d24d0bad25511d5f074b91ec7e472fa18f18fa4b848f8eef988d5dda7b94249

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application
