General

  • Target

    445b54cd35c886bd6427024cb646f08f934cab9e9f20b3d6ac38ff78aa053f91

  • Size

    433KB

  • Sample

    241111-ftnvnsspgt

  • MD5

    ebdbfb4ed23e20e55d37d85b188c308f

  • SHA1

    042ca41316793bc83818346b3d757a77c8a848b6

  • SHA256

    445b54cd35c886bd6427024cb646f08f934cab9e9f20b3d6ac38ff78aa053f91

  • SHA512

    23a66f43c78047ff2061eff498a7c088bbcde3d554ac116000ec23395fb8f7207e05c9be6be5fb44f66d3a880e8a3ea2304369981013e14b09b58dd75c943b3a

  • SSDEEP

    12288:XMr/y9035zBvPudeFy/AZ1CYMXyC5DPnE:ky6pJPCec/iC5DPE

Malware Config

Extracted

  • Family

    redline

  • Botnet

    rodik

  • C2

    193.233.20.23:4124

  • Attributes

    • auth_value

      59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • Target

      445b54cd35c886bd6427024cb646f08f934cab9e9f20b3d6ac38ff78aa053f91

    • Size

      433KB

    • MD5

      ebdbfb4ed23e20e55d37d85b188c308f

    • SHA1

      042ca41316793bc83818346b3d757a77c8a848b6

    • SHA256

      445b54cd35c886bd6427024cb646f08f934cab9e9f20b3d6ac38ff78aa053f91

    • SHA512

      23a66f43c78047ff2061eff498a7c088bbcde3d554ac116000ec23395fb8f7207e05c9be6be5fb44f66d3a880e8a3ea2304369981013e14b09b58dd75c943b3a

    • SSDEEP

      12288:XMr/y9035zBvPudeFy/AZ1CYMXyC5DPnE:ky6pJPCec/iC5DPE

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks