General

  • Target

    28bb5b58fdb24021eb0d77dc56c4b090877912d17291cca74fed3efa9f7ccea6

  • Size

    849KB

  • Sample

    241109-ck56tavepe

  • MD5

    67f08e0374679aec72c19bc70e2d00cd

  • SHA1

    1b252877e87797f8e00cbef2efffd46e0e69951a

  • SHA256

    28bb5b58fdb24021eb0d77dc56c4b090877912d17291cca74fed3efa9f7ccea6

  • SHA512

    0ebb8de151bf73986f039923bdb55e8136b3aacb121bb8881bdd9090e6e831488ddf719b00ac5376a54b5a635e8b8115560c4c1ec7a1594392a26c0625f2711a

  • SSDEEP

    24576:GyQtn3GfZb/PLOb8BAmXz35lEzWK14Dk:VQtme+3dsWG4D

Malware Config

Extracted

  • Family

    redline

  • Botnet

    gena

  • C2

    185.161.248.73:4164

  • Attributes

    auth_value: d05bf43eef533e262271449829751d07

Extracted

  • Family

    redline

  • Botnet

    dante

  • C2

    185.161.248.73:4164

  • Attributes

    auth_value: f4066af6b8a6f23125c8ee48288a3f90

Targets


    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Adds Run key to start application
