General

  • Target: 37c24f801df5e35d4e62cdd0986ad9c9bdc6bf1b5942c8a3f900c5c80a9a09f9
  • Size: 773KB
  • Sample: 241109-etj12szngk
  • MD5: 29aaf4329eb63ad58213522d546be502
  • SHA1: 7f5484fbe77a2b1ecdcc9d5d881c8a7fe4d0bbef
  • SHA256: 37c24f801df5e35d4e62cdd0986ad9c9bdc6bf1b5942c8a3f900c5c80a9a09f9
  • SHA512: afa2717ffda628f6ef1cbaa65c505743d8ae4699e20c0a091c28d792289c7e5a94cd5c848622350a7d42ad74b60eddfc8bee69344efdb38ff9f54a1f7974a3e2
  • SSDEEP: 24576:Ayy2GzxwCYvDnP1O1fBiNxX/dEOro0O6r:HyHMvE5iHFEOrJ

Malware Config

Extracted
  • Family: redline
  • Botnet: gena
  • C2: 185.161.248.73:4164
  • Attributes
    • auth_value: d05bf43eef533e262271449829751d07

Extracted
  • Family: redline
  • Botnet: dante
  • C2: 185.161.248.73:4164
  • Attributes
    • auth_value: f4066af6b8a6f23125c8ee48288a3f90

Targets

    • RedLine
      RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Redline family
    • Checks computer location settings
      Looks up the country code configured in the registry, likely used as a geofence.
    • Executes dropped EXE
    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks