General

  • Target

    1702411e01d0cd615282ab8a91ef29479779f53df8c2b7ad8d9e150612e1deea

  • Size

    849KB

  • Sample

    241109-bpg44swqgl

  • MD5

    a503af3978e1796b2f253d92955ffc9d

  • SHA1

    c001655b8a045f8464936dda71ef874674c5a428

  • SHA256

    1702411e01d0cd615282ab8a91ef29479779f53df8c2b7ad8d9e150612e1deea

  • SHA512

    8c30b34b7d92f36507cdb544c5634660e96ec5f2a20cd08bb72275db2a830db3c65ed2a029adf4ebcc1fa211ed1a684b77a833c1991709d646cd96cb33895fb7

  • SSDEEP

    24576:0yiFoxYl1FPjOf7BCCcXGCNsgMwmRqOsSeF:DALiVC/GiRR7

Malware Config

Extracted

Family

redline

Botnet

gena

C2

185.161.248.73:4164

Attributes

  • auth_value

    d05bf43eef533e262271449829751d07

Extracted

Family

redline

Botnet

dante

C2

185.161.248.73:4164

Attributes

  • auth_value

    f4066af6b8a6f23125c8ee48288a3f90

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15