General

  • Target

    7685525b32c9dcf8c88b3649de72a30636004a1e85bf29629c3d578182acde6dN

  • Size

    576KB

  • Sample

    241109-21l6baxjaq

  • MD5

    c33f74883c6313a9637a62555f2453d0

  • SHA1

    1e7215cb8b62ce724e81244fc189caf557c22663

  • SHA256

    7685525b32c9dcf8c88b3649de72a30636004a1e85bf29629c3d578182acde6d

  • SHA512

    d68e2b85d7a3bb0112662974729c01f0ec7e1edbb93c652f5fc46c6c8d4582974792c516852ebf7767f7970718419d704edcc668c188cc0df704cf018753c48a

  • SSDEEP

    12288:y8Lx8V4JrnK6sNHpH8qaVjIRhNQLkMIFyvvp:yWx5re8pjIJWdIFix

Malware Config

Extracted

Family

redline

Botnet

gena

C2

185.161.248.73:4164

Attributes
  • auth_value

    d05bf43eef533e262271449829751d07
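One way to turn the extracted configuration and file hashes above into a hunting check, as an added example that is not part of this report or of any sandbox's own tooling: it validates the hash and C2 fields before use, then matches them against constructed EDR-style key=value events (the event format, hostnames, timestamps and paths are assumptions, not data from the sample's execution).

```python
"""Hunting helper built from the RedLine configuration and hashes in this report."""
import ipaddress
import re
from dataclasses import dataclass

# Indicators copied from the report above.
REPORT = {
    "family": "redline",
    "botnet": "gena",
    "c2": "185.161.248.73:4164",
    "md5": "c33f74883c6313a9637a62555f2453d0",
    "sha1": "1e7215cb8b62ce724e81244fc189caf557c22663",
    "sha256": "7685525b32c9dcf8c88b3649de72a30636004a1e85bf29629c3d578182acde6d",
}

HASH_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64}


@dataclass(frozen=True)
class Iocs:
    family: str
    botnet: str
    c2_host: str
    c2_port: int
    hashes: dict


def parse_c2(value: str):
    """Split a 'host:port' C2 string and validate both halves (IPv4 or hostname)."""
    host, sep, port = value.rpartition(":")
    if not sep or not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError(f"malformed C2 endpoint: {value!r}")
    try:
        ipaddress.ip_address(host)
    except ValueError:
        if not re.fullmatch(r"[A-Za-z0-9.-]+", host):
            raise ValueError(f"malformed C2 host: {host!r}")
    return host, int(port)


def load_iocs(report: dict) -> Iocs:
    """Validate hash fields (hex, correct length) and the C2 endpoint before use."""
    hashes = {}
    for algo, length in HASH_LENGTHS.items():
        digest = report[algo].lower()
        if not re.fullmatch(rf"[0-9a-f]{{{length}}}", digest):
            raise ValueError(f"bad {algo} digest: {report[algo]!r}")
        hashes[algo] = digest
    host, port = parse_c2(report["c2"])
    return Iocs(report["family"], report["botnet"], host, port, hashes)


# Constructed EDR-style key=value events (hostnames, times and paths are made up).
SAMPLE_EVENTS = [
    "ts=2024-11-09T21:05:13Z type=process host=WS-17 "
    "sha256=7685525b32c9dcf8c88b3649de72a30636004a1e85bf29629c3d578182acde6d "
    "image=C:\\Users\\u1\\AppData\\Local\\Temp\\setup.exe",
    "ts=2024-11-09T21:05:14Z type=network host=WS-17 dst=185.161.248.73 dport=4164 proto=tcp",
    "ts=2024-11-09T21:07:02Z type=network host=WS-22 dst=185.161.248.73 dport=443 proto=tcp",
    "ts=2024-11-09T21:08:40Z type=process host=WS-22 "
    "sha256=0000000000000000000000000000000000000000000000000000000000000000 "
    "image=C:\\Windows\\System32\\notepad.exe",
    "ts=2024-11-09T21:09:00Z type=network host=WS-23 dst=8.8.8.8 dport=53 proto=udp",
]


def parse_event(line: str) -> dict:
    """Parse one 'key=value key=value' line; values contain no spaces in this format."""
    return dict(tok.split("=", 1) for tok in line.split())


def hunt(events, iocs: Iocs):
    """Return (host, confidence, reason) for every event that touches an indicator."""
    hits = []
    for line in events:
        ev = parse_event(line)
        if ev.get("type") == "process" and ev.get("sha256", "").lower() == iocs.hashes["sha256"]:
            hits.append((ev["host"], "high",
                         f"{iocs.family} sample sha256 executed: {ev.get('image')}"))
        elif ev.get("type") == "network" and ev.get("dst") == iocs.c2_host:
            if ev.get("dport") == str(iocs.c2_port):
                hits.append((ev["host"], "high",
                             f"connection to {iocs.family}/{iocs.botnet} C2 {iocs.c2_host}:{iocs.c2_port}"))
            else:
                # Same address on another port is weaker evidence but still worth triage.
                hits.append((ev["host"], "medium",
                             f"connection to C2 address {iocs.c2_host} on port {ev.get('dport')}"))
    return hits


if __name__ == "__main__":
    for hit in hunt(SAMPLE_EVENTS, load_iocs(REPORT)):
        print(*hit, sep=" | ")
```

The validation step matters when indicators are copied from a report by hand: a truncated digest or a C2 string missing its port silently matches nothing, so the loader rejects those rather than running a hunt that can only return empty results.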

Targets

    • Target

      7685525b32c9dcf8c88b3649de72a30636004a1e85bf29629c3d578182acde6dN

    • Size

      576KB

    • MD5

      c33f74883c6313a9637a62555f2453d0

    • SHA1

      1e7215cb8b62ce724e81244fc189caf557c22663

    • SHA256

      7685525b32c9dcf8c88b3649de72a30636004a1e85bf29629c3d578182acde6d

    • SHA512

      d68e2b85d7a3bb0112662974729c01f0ec7e1edbb93c652f5fc46c6c8d4582974792c516852ebf7767f7970718419d704edcc668c188cc0df704cf018753c48a

    • SSDEEP

      12288:y8Lx8V4JrnK6sNHpH8qaVjIRhNQLkMIFyvvp:yWx5re8pjIJWdIFix

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks