General

  • Target

    df90d3dd42c3f9a52b2be1544b7ed1986a654175b981ee387911d1bf0c0986f0

  • Size

    890KB

  • Sample

    241109-gzrn7azapk

  • MD5

    253e0c55a77bbe1f1194de5892327868

  • SHA1

    02138d6c59180ff03da9126b1f044f630d1bb8c2

  • SHA256

    df90d3dd42c3f9a52b2be1544b7ed1986a654175b981ee387911d1bf0c0986f0

  • SHA512

    f18e98575f78a966eb362092148fca52f433e1c35f5678ad01d48ca783f8b413dcfee27e2f1667f8a39735528090b7dacd9e1248cc80ac10f99a2192f88db7bc

  • SSDEEP

    24576:Sy0K8Ace5NcentRZzOjk8mybHjUYPR0R8ozzC:50ebCet7+t024

Malware Config

Extracted

Family

redline

Botnet

gena

C2

185.161.248.73:4164

Attributes

  • auth_value

    d05bf43eef533e262271449829751d07

Extracted

Family

redline

Botnet

dante

C2

185.161.248.73:4164

Attributes

  • auth_value

    f4066af6b8a6f23125c8ee48288a3f90

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks