General

  • Target

    8943346d13bd0a7a558747395e40edd1811eadd7acb5c4d2a64ddd54e1e91463

  • Size

    433KB

  • Sample

    241111-ebfkxa1nh1

  • MD5

    bb2fa6e0fd87fb0177cd618337df0aae

  • SHA1

    4653084554037a3458bca406444b7eb4f3c580d4

  • SHA256

    8943346d13bd0a7a558747395e40edd1811eadd7acb5c4d2a64ddd54e1e91463

  • SHA512

    902ea4237c57b857685d062ead9736cfc670e391b9c297bad2b10b28fddf6bea9e4121d93c039a93eb6eb449730ea40dc6bd1dd17ebc695cba9f4d3bf19ef287

  • SSDEEP

    6144:K/y+bnr+up0yN90QEEOLizUC8SC8qPEbnrYdPirz/hYrTVjfS4lMP9c5GoHrFz8w:BMr6y90tSy8BYdPirzZiIiFFMLESE

Malware Config

Extracted

Family

redline

Botnet

rodik

C2

193.233.20.23:4124

Attributes

  • auth_value

    59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • Target

      8943346d13bd0a7a558747395e40edd1811eadd7acb5c4d2a64ddd54e1e91463

    • Size

      433KB

    • MD5

      bb2fa6e0fd87fb0177cd618337df0aae

    • SHA1

      4653084554037a3458bca406444b7eb4f3c580d4

    • SHA256

      8943346d13bd0a7a558747395e40edd1811eadd7acb5c4d2a64ddd54e1e91463

    • SHA512

      902ea4237c57b857685d062ead9736cfc670e391b9c297bad2b10b28fddf6bea9e4121d93c039a93eb6eb449730ea40dc6bd1dd17ebc695cba9f4d3bf19ef287

    • SSDEEP

      6144:K/y+bnr+up0yN90QEEOLizUC8SC8qPEbnrYdPirz/hYrTVjfS4lMP9c5GoHrFz8w:BMr6y90tSy8BYdPirzZiIiFFMLESE

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application
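The extracted config (C2 endpoint) and the observed behaviours (dropped EXE execution, Run key persistence) above are what a responder turns into hunting logic. The following is an added example, not part of the sandbox report: it matches the report's hashes and C2 endpoint against constructed telemetry lines and flags Run key writes, then correlates hits by process so a single process that both beacons to 193.233.20.23:4124 and writes a Run key stands out. The pipe-delimited event format and the sample events are assumptions for illustration; adapt `parse_event` to your own EDR/SIEM export.

```python
"""Match the RedLine indicators from the report against constructed telemetry.

Added example; the event format below is hypothetical and the sample
events are constructed, not taken from the report.
"""
import hashlib
import re

# Indicators copied from the report above.
IOC_HASHES = {
    "md5": "bb2fa6e0fd87fb0177cd618337df0aae",
    "sha1": "4653084554037a3458bca406444b7eb4f3c580d4",
    "sha256": "8943346d13bd0a7a558747395e40edd1811eadd7acb5c4d2a64ddd54e1e91463",
}
C2_ENDPOINTS = {("193.233.20.23", 4124)}

# "Adds Run key to start application": match HKCU/HKLM ...\CurrentVersion\Run and RunOnce.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)

# Constructed sample telemetry (hypothetical pipe-delimited export).
SAMPLE_EVENTS = [
    "netconn|host=WS01|pid=4412|dst=193.233.20.23|dport=4124|proto=tcp",
    "netconn|host=WS01|pid=880|dst=23.216.77.7|dport=443|proto=tcp",
    "regset|host=WS01|pid=4412|key=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater|data=C:\\Users\\u\\AppData\\Roaming\\svc.exe",
    "regset|host=WS01|pid=1200|key=HKCU\\Software\\Classes\\Foo|data=bar",
    "filehash|host=WS01|path=C:\\Users\\u\\Downloads\\setup.exe|sha256=8943346d13bd0a7a558747395e40edd1811eadd7acb5c4d2a64ddd54e1e91463",
]


def hash_bytes(data: bytes) -> dict:
    """Compute MD5, SHA1 and SHA256 of a file's bytes in one pass so a local
    copy can be compared against all three hash fields of the report."""
    digests = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    for d in digests.values():
        d.update(data)
    return {name: d.hexdigest() for name, d in digests.items()}


def parse_event(line: str) -> dict:
    """Parse 'type|k=v|k=v' into a dict; the first token is the event type."""
    kind, _, rest = line.partition("|")
    fields = dict(kv.split("=", 1) for kv in rest.split("|"))
    fields["type"] = kind
    return fields


def check_event(ev: dict):
    """Return an alert dict if the event matches one of the indicators, else None."""
    kind = ev["type"]
    if kind == "netconn":
        if (ev["dst"], int(ev["dport"])) in C2_ENDPOINTS:
            return {"rule": "redline_c2", "pid": ev["pid"], "detail": f'{ev["dst"]}:{ev["dport"]}'}
    elif kind == "regset":
        if RUN_KEY_RE.search(ev["key"]):
            return {"rule": "run_key_persistence", "pid": ev["pid"], "detail": ev["key"]}
    elif kind == "filehash":
        for algo, value in IOC_HASHES.items():
            if ev.get(algo, "").lower() == value:
                return {"rule": "known_sample_hash", "pid": ev.get("pid"), "detail": ev["path"]}
    return None


def scan_events(lines) -> list:
    """Run every event through the indicator checks and collect the alerts."""
    alerts = []
    for line in lines:
        hit = check_event(parse_event(line))
        if hit:
            alerts.append(hit)
    return alerts


def correlate(alerts) -> dict:
    """Group alerts by pid and keep only processes that tripped more than one
    rule: C2 beacon plus Run key write from the same pid is far stronger
    evidence than either signal alone."""
    by_pid = {}
    for a in alerts:
        by_pid.setdefault(a["pid"], set()).add(a["rule"])
    return {pid: rules for pid, rules in by_pid.items() if len(rules) > 1}


if __name__ == "__main__":
    found = scan_events(SAMPLE_EVENTS)
    for a in found:
        print(a["rule"], a["pid"], a["detail"])
    print("correlated:", correlate(found))
```

The Run key regex is deliberately broader than the single key this sample used, since the report only states that a Run key was added, not which value name; tune it to your environment's noise before turning it into an alert. The C2 match is exact on IP and port because that is all the extracted config gives; treat the IP as a short-lived indicator.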
