General

  • Target

    509ba7a4c50d98f97b8fae548ff8db3c6e2861139b62b08c2c0383bfb6b4852b

  • Size

    774KB

  • Sample

    241109-16cy6awncn

  • MD5

    9028b1f75506452499767a5566dbcf67

  • SHA1

    52d201831a209de01e4bec817595c97f14bc2fc2

  • SHA256

    509ba7a4c50d98f97b8fae548ff8db3c6e2861139b62b08c2c0383bfb6b4852b

  • SHA512

    80954e0a0c6469c83778e700a1305ce5b373de0396a76281d0cd188d089cbbdc059ec5c04eb84f1b7240e683b7257d893cb21ca94cb49898759a6f7190970331

  • SSDEEP

    12288:Ay90O21B83A6eBMKMJp5O61eck1VGo/22YapfCbJCs9xxh5P:AyDWKxeBKFxk1VGQ9pfYCMF

Malware Config

Extracted

Family

redline

Botnet

gena

C2

185.161.248.73:4164

Attributes
  • auth_value

    d05bf43eef533e262271449829751d07

Extracted

Family

redline

Botnet

dark

C2

185.161.248.73:4164

Attributes
  • auth_value

    ae85b01f66afe8770afeed560513fc2d

Targets

    • Target

      509ba7a4c50d98f97b8fae548ff8db3c6e2861139b62b08c2c0383bfb6b4852b

    • Size

      774KB

    • MD5

      9028b1f75506452499767a5566dbcf67

    • SHA1

      52d201831a209de01e4bec817595c97f14bc2fc2

    • SHA256

      509ba7a4c50d98f97b8fae548ff8db3c6e2861139b62b08c2c0383bfb6b4852b

    • SHA512

      80954e0a0c6469c83778e700a1305ce5b373de0396a76281d0cd188d089cbbdc059ec5c04eb84f1b7240e683b7257d893cb21ca94cb49898759a6f7190970331

    • SSDEEP

      12288:Ay90O21B83A6eBMKMJp5O61eck1VGo/22YapfCbJCs9xxh5P:AyDWKxeBKFxk1VGQ9pfYCMF

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks