General

  • Target: fe63c869c0807fafc23bf4a0cbfd0160343fda100e0da8bfcd18e7086e55b89f
  • Size: 867KB
  • Sample: 230507-kwrrkaee9z
  • MD5: ee59c065cf86b630c3d3ad919ab32b25
  • SHA1: 9423c23e8c2af3d995dd9dd565fa74fe00c9df38
  • SHA256: fe63c869c0807fafc23bf4a0cbfd0160343fda100e0da8bfcd18e7086e55b89f
  • SHA512: d8127dd43f2c61c927d731e7898a9b99844504146b3b598eba7dfbf793dbfd9a779d1da679dce038489dcf21d55d4dfe60753ad8d4d854d68dccbabbe6276a18
  • SSDEEP: 12288:/y90iPQedDt4QB5kxhNrINnSpziYt52S6SyTSBP2LbJayCMVMiYkWFtaYChp:/yfpTMrIFYtk2yTSBPiVCmWFcY+p

Malware Config

Extracted

  • Family: redline
  • Botnet: gena
  • C2: 185.161.248.73:4164
  • Attributes
    • auth_value: d05bf43eef533e262271449829751d07

Extracted

  • Family: redline
  • Botnet: dark
  • C2: 185.161.248.73:4164
  • Attributes
    • auth_value: ae85b01f66afe8770afeed560513fc2d

Targets

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Matrix ATT&CK v6

  • Persistence: Registry Run Keys / Startup Folder, T1060 (1)
  • Defense Evasion: Modify Registry, T1112 (1)
  • Discovery: Query Registry, T1012 (1)
  • Discovery: System Information Discovery, T1082 (2)
