General

  • Target: 89aa48c6fb2306e082dd58149dc1183db92288f89fd283276633cbc3781af21b
  • Size: 441KB
  • Sample: 241111-e73qbaslbw
  • MD5: a56281142ecc8139f57bbea6eba56dd3
  • SHA1: 8514ab5016502c10d043db4908a89081cf8605c2
  • SHA256: 89aa48c6fb2306e082dd58149dc1183db92288f89fd283276633cbc3781af21b
  • SHA512: 0f047aac6e48c96fb5c9b2ef0d192ee59373213ab36fbcd451b940fd80908666a658ba91b016bbf3cd1cfa19a9c0cfd85ff0a4aa51669dd63f9c058471f11af5
  • SSDEEP: 6144:KKy+bnr+0p0yN90QEhg4PJQbWq0EmKqAHzME/lvB9qo0tE033xCvrluq0XjDL:OMrMy90XFq3CSQCZ+N33xAu5XjDL

Malware Config

Extracted

  • Family: redline
  • Botnet: rodik
  • C2: 193.233.20.23:4124
  • Attributes
    • auth_value: 59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload
    • Redline family
    • Executes dropped EXE
    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks