General

  • Target

    a2d6311287a170ab5ab4fe810f8df69d57b165fd3fd164ed2386e28b65c518d5

  • Size

    442KB

  • Sample

    241111-efm6jssfmb

  • MD5

    31517f0719e0dcfe41778350d92038aa

  • SHA1

    33354b633ee42bee32b103fa452952beb158b2c1

  • SHA256

    a2d6311287a170ab5ab4fe810f8df69d57b165fd3fd164ed2386e28b65c518d5

  • SHA512

    3abc7adb17ccfaedc53b176615f3368447df6622cb8e320786c2d79c650dfa7de45b8f6681b4a9d6156ca8a4bb6cbcdb3b3ba8e86647f0c65d6de18e603484b5

  • SSDEEP

    6144:KMy+bnr+ep0yN90QE/BEyWzP8Hao4s+9V6odP5B/d34Rbs94mp77Lip1MT:UMrCy90t2yQIao4r6opPiRs94NPMT

Malware Config

Extracted

  • Family

    redline

  • Botnet

    rodik

  • C2

    193.233.20.23:4124

  • Attributes

    auth_value: 59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application
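
The indicators above (file hashes, the C2 endpoint from the extracted config, and the "Adds Run key to start application" behaviour) are enough to write a host sweep. The script below is an added example, not part of the sandbox report or of any tool it was produced by: it fingerprints a file with the same digests the report lists, and runs the hash, C2 and Run-key indicators over Sysmon-style process-create, network-connect and registry-set events. The tab-separated `key=value` export format, the host paths, and every log line in `SAMPLE_LOG` are constructed for illustration; only the hash values and the C2 address come from the report.

```python
"""IOC sweep built from the RedLine sandbox report above (added example).

Log lines are CONSTRUCTED to look like Sysmon events exported as
tab-separated key=value fields: EventID 1 (process create, with Hashes),
EventID 3 (network connect) and EventID 13 (registry value set).
The export format and the paths in the sample lines are assumptions.
"""
import hashlib
import re

# Indicators lifted verbatim from the report.
REDLINE_HASHES = {
    "MD5": "31517f0719e0dcfe41778350d92038aa",
    "SHA1": "33354b633ee42bee32b103fa452952beb158b2c1",
    "SHA256": "a2d6311287a170ab5ab4fe810f8df69d57b165fd3fd164ed2386e28b65c518d5",
    "SHA512": "3abc7adb17ccfaedc53b176615f3368447df6622cb8e320786c2d79c650dfa7d"
              "e45b8f6681b4a9d6156ca8a4bb6cbcdb3b3ba8e86647f0c65d6de18e603484b5",
}
C2_IP, C2_PORT = "193.233.20.23", "4124"

# Matches ...\Microsoft\Windows\CurrentVersion\Run\ and RunOnce\ under any hive.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)


def fingerprint(data):
    """Hash file bytes with the same algorithms the report lists."""
    return {
        "MD5": hashlib.md5(data).hexdigest(),
        "SHA1": hashlib.sha1(data).hexdigest(),
        "SHA256": hashlib.sha256(data).hexdigest(),
        "SHA512": hashlib.sha512(data).hexdigest(),
    }


def is_reported_sample(data):
    """True only when every listed digest matches; a lone MD5 hit is not trusted."""
    fp = fingerprint(data)
    return all(fp[algo] == digest for algo, digest in REDLINE_HASHES.items())


def parse_event(line):
    """Split one tab-separated 'key=value' log line into a dict (first '=' wins)."""
    fields = {}
    for chunk in line.rstrip("\n").split("\t"):
        key, sep, value = chunk.partition("=")
        if sep:
            fields[key] = value
    return fields


def parse_hashes(hashes_field):
    """Sysmon's Hashes field reads 'MD5=..,SHA256=..'; normalise digests to lower case."""
    out = {}
    for part in hashes_field.split(","):
        algo, sep, digest = part.partition("=")
        if sep:
            out[algo.upper()] = digest.lower()
    return out


def sweep(lines):
    """Return (line_no, rule, image) findings for the report's indicators."""
    findings = []
    for n, line in enumerate(lines, 1):
        ev = parse_event(line)
        eid, image = ev.get("EventID"), ev.get("Image", "?")
        if eid == "1":
            seen = parse_hashes(ev.get("Hashes", ""))
            # Any one of the report's digests on a started process is a hit.
            if any(seen.get(a) == d for a, d in REDLINE_HASHES.items()):
                findings.append((n, "redline_sample_executed", image))
        elif eid == "3" and ev.get("DestinationIp") == C2_IP:
            # Exact ip:port from the config is high confidence; the IP alone is weaker.
            rule = "redline_c2_connection" if ev.get("DestinationPort") == C2_PORT \
                else "redline_c2_ip_other_port"
            findings.append((n, rule, image))
        elif eid == "13" and RUN_KEY_RE.search(ev.get("TargetObject", "")):
            findings.append((n, "run_key_persistence", image))
    return findings


def triage(lines):
    """Group rule hits by process image so a per-process verdict falls out."""
    by_image = {}
    for _, rule, image in sweep(lines):
        by_image.setdefault(image, set()).add(rule)
    return by_image


# Constructed sample log (not real telemetry).
SAMPLE_LOG = [
    "EventID=1\tImage=C:\\Users\\alice\\Downloads\\setup.exe\t"
    "Hashes=MD5=31517F0719E0DCFE41778350D92038AA,IMPHASH=00000000000000000000000000000000",
    "EventID=3\tImage=C:\\Users\\alice\\Downloads\\setup.exe\t"
    "DestinationIp=193.233.20.23\tDestinationPort=4124",
    "EventID=13\tImage=C:\\Users\\alice\\Downloads\\setup.exe\t"
    "TargetObject=HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater\t"
    "Details=C:\\Users\\alice\\AppData\\Roaming\\updater.exe",
    "EventID=3\tImage=C:\\Program Files\\Mozilla Firefox\\firefox.exe\t"
    "DestinationIp=193.233.20.23\tDestinationPort=443",
    "EventID=1\tImage=C:\\Windows\\System32\\notepad.exe\t"
    "Hashes=MD5=11111111111111111111111111111111",
]

if __name__ == "__main__":
    for image, rules in triage(SAMPLE_LOG).items():
        print(image, sorted(rules))
```

The sample log deliberately includes a browser connection to the C2 address on port 443, which is reported under a separate, weaker rule: the config only vouches for 193.233.20.23:4124, and the same host may serve unrelated traffic. Likewise `is_reported_sample` requires all four digests to agree before calling a file this sample, while the process-create rule accepts any single matching digest because Sysmon typically records only the algorithms it was configured with.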

MITRE ATT&CK Enterprise v15