General

  • Target

    3168addd4309d56c314d003634a3f186276d86eaf27da0cfb08512fe95dbb13a

  • Size

    61KB

  • Sample

    241017-ypyheswflr

  • MD5

    4fdb0cd943aeaff2fd30dc6ca6fd316a

  • SHA1

    7a1fada1fc7b03f16c101016e02e3bdc72d907c2

  • SHA256

    3168addd4309d56c314d003634a3f186276d86eaf27da0cfb08512fe95dbb13a

  • SHA512

    0807faca2ea3b49c9334bf85c10fa11485cd6de91997a78615b16c9fe8aab58b153160e607f18e64daf864a7425a61cc9c7fb5c6f319a51885329c269e907dec

  • SSDEEP

    1536:qY//xqZdFOiPPlFNfypFRX7WsF0MtJjPLy:qoxw1PFqL3PjPLy

Malware Config

  • Extracted

    • Family

      redline

    • Botnet

      test

    • C2

      50.116.53.64:3214

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks