General

  • Target

    e2979f971ed69314f95db618da853c7cb201c6ab21b46a6d7d3108f5741a0e0f

  • Size

    417KB

  • Sample

    240409-dspz8sch26

  • MD5

    6ac97d740fb5c90ede238029d8318688

  • SHA1

    b097cc2912d08413a44a88fc04ac459bd74b3bad

  • SHA256

    e2979f971ed69314f95db618da853c7cb201c6ab21b46a6d7d3108f5741a0e0f

  • SHA512

    7b2a61d1567b29ff8e03ddf5d015b5ab4ca77dc901a2a5c69c9dd478dd65ab4b4ea70e6bf7b2f3c897aeb06938a376d1b7e4ea9662911d6a6f9ca5b5715d3b18

  • SSDEEP

    6144:lekZjybv1yL3TVNO6KtZ1e7ieg+BdOV1n8As8Pp+/XpkBaVjcSQzQ7/2kvT:lNjco3TxA3CierL8Ps0aVw8F

Malware Config

Extracted

Family

redline

Botnet

norm

C2

77.91.124.145:4125

Attributes

  • auth_value

    1514e6c0ec3d10a36f68f61b206f5759

Targets

    • Target

      e2979f971ed69314f95db618da853c7cb201c6ab21b46a6d7d3108f5741a0e0f

    • Size

      417KB

    • MD5

      6ac97d740fb5c90ede238029d8318688

    • SHA1

      b097cc2912d08413a44a88fc04ac459bd74b3bad

    • SHA256

      e2979f971ed69314f95db618da853c7cb201c6ab21b46a6d7d3108f5741a0e0f

    • SHA512

      7b2a61d1567b29ff8e03ddf5d015b5ab4ca77dc901a2a5c69c9dd478dd65ab4b4ea70e6bf7b2f3c897aeb06938a376d1b7e4ea9662911d6a6f9ca5b5715d3b18

    • SSDEEP

      6144:lekZjybv1yL3TVNO6KtZ1e7ieg+BdOV1n8As8Pp+/XpkBaVjcSQzQ7/2kvT:lNjco3TxA3CierL8Ps0aVw8F

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Detects executables packed with ConfuserEx Mod

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks