General

  • Target

    2cdc2cf65c0b76e97dc8706727c5ca17e3a12ecdb9d650a3e48f93db466b6929N

  • Size

    1.5MB

  • Sample

    241109-2gvy4steqg

  • MD5

    afb140016977cca07d0a16d3d4eb5700

  • SHA1

    b26fb560b407e57b1f55e2c8b4515544df24b03f

  • SHA256

    2cdc2cf65c0b76e97dc8706727c5ca17e3a12ecdb9d650a3e48f93db466b6929

  • SHA512

    6d12eb69521d4129d5449e8bbaf8ea0ce24cb75b3b4e2ce4e7789b320520dc5d97ab1baaa31800ad970844649ca357c1775f4a11d2601cafba5adcf442432aac

  • SSDEEP

    24576:NyPV6Gckg9+VvBFyeTUTbT+VCcBikE2ikxMJNrQdeKwTXQ/AL6vy8Pxae:oPVtcR9+we4sP4lW2NnKd/WGw

Malware Config

Extracted

  • Family

    redline

  • Botnet

    most

  • C2

    185.161.248.73:4164

  • Attributes

    • auth_value

      7da4dfa153f2919e617aa016f7c36008

Targets

    • Target

      2cdc2cf65c0b76e97dc8706727c5ca17e3a12ecdb9d650a3e48f93db466b6929N

    • Size

      1.5MB

    • MD5

      afb140016977cca07d0a16d3d4eb5700

    • SHA1

      b26fb560b407e57b1f55e2c8b4515544df24b03f

    • SHA256

      2cdc2cf65c0b76e97dc8706727c5ca17e3a12ecdb9d650a3e48f93db466b6929

    • SHA512

      6d12eb69521d4129d5449e8bbaf8ea0ce24cb75b3b4e2ce4e7789b320520dc5d97ab1baaa31800ad970844649ca357c1775f4a11d2601cafba5adcf442432aac

    • SSDEEP

      24576:NyPV6Gckg9+VvBFyeTUTbT+VCcBikE2ikxMJNrQdeKwTXQ/AL6vy8Pxae:oPVtcR9+we4sP4lW2NnKd/WGw

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks