General

  • Target

    ea80403ee4af1f2b2e7c2c041cade48c26cb323c57f1dd39e8868d23f5650150

  • Size

    433KB

  • Sample

    241111-e9r2lashpn

  • MD5

    4431b93b2aa1e2ddac5eac50738d8add

  • SHA1

    71e7a9c8feba217b87936d0114772e0074d1f237

  • SHA256

    ea80403ee4af1f2b2e7c2c041cade48c26cb323c57f1dd39e8868d23f5650150

  • SHA512

    91261c34cfc5afaec2df3fe6aaa145fe07aac879b95ff4628c758be9c58506277a7df5b3ffe16724f30bd1f5f99a2fb06bc15b9eb8ad2d515b99ddf0c7b39270

  • SSDEEP

    12288:4Mr6y90dJtWsAkW9wHIXbnRmHJeBWkhs2:yyWvY9WIrw5kO2

Malware Config

Extracted

  • Family

    redline

  • Botnet

    rodik

  • C2

    193.233.20.23:4124

Attributes

  • auth_value

    59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • Target

      ea80403ee4af1f2b2e7c2c041cade48c26cb323c57f1dd39e8868d23f5650150

    • Size

      433KB

    • MD5

      4431b93b2aa1e2ddac5eac50738d8add

    • SHA1

      71e7a9c8feba217b87936d0114772e0074d1f237

    • SHA256

      ea80403ee4af1f2b2e7c2c041cade48c26cb323c57f1dd39e8868d23f5650150

    • SHA512

      91261c34cfc5afaec2df3fe6aaa145fe07aac879b95ff4628c758be9c58506277a7df5b3ffe16724f30bd1f5f99a2fb06bc15b9eb8ad2d515b99ddf0c7b39270

    • SSDEEP

      12288:4Mr6y90dJtWsAkW9wHIXbnRmHJeBWkhs2:yyWvY9WIrw5kO2

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks