General

  • Target

    27cfd7771db5efb76d9a3a6365099295422bbbb04982266ec7d82ce2eaf67f3e

  • Size

    850KB

  • Sample

    241109-hst2eazenf

  • MD5

    613abcd399e6f7a6d4acb964751d52c2

  • SHA1

    3c40a4b7cb47c51c7fa9360cf0923ba94dfb0464

  • SHA256

    27cfd7771db5efb76d9a3a6365099295422bbbb04982266ec7d82ce2eaf67f3e

  • SHA512

    2a3fda4f992bf544b8b3abaf96a024c46d857945e1c7d373f2306798781d12bdaba0750b8e95d8d1e41725c17ffcb052e87ce728683dfe9cdc45297e0774133e

  • SSDEEP

    24576:1y83SeWTVSr3VNSotYKVY/lIVqJsw1eghP:Q8ie/3h2KV8c

Malware Config

Two RedLine configurations were extracted from this sample. Both point at the same C2 endpoint and differ only in the botnet ID and the auth_value (the authorization token carried in the stealer's embedded config).

Extracted (1)

  • Family: redline
  • Botnet: gena
  • C2: 185.161.248.73:4164
  • Attributes
      • auth_value: d05bf43eef533e262271449829751d07

Extracted (2)

  • Family: redline
  • Botnet: dante
  • C2: 185.161.248.73:4164
  • Attributes
      • auth_value: f4066af6b8a6f23125c8ee48288a3f90
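The hashes in the General section and the two extracted configs above are the indicators a responder takes away from this report. The following Python is an added example, not part of the sandbox report or of RedLine itself: it folds both configs into one deduplicated C2 indicator set, scans a constructed firewall-style connection log for traffic to that endpoint (including the same IP on another port and connections that were denied), and checks a file's hashes against the report's values. The log lines, host addresses and timestamps are constructed for the example; only the hashes, C2 and config fields come from the page.

```python
import hashlib
import ipaddress
import re

# Extracted RedLine configs as listed on this page: two configs, one C2 endpoint.
EXTRACTED_CONFIGS = [
    {"family": "redline", "botnet": "gena", "c2": "185.161.248.73:4164",
     "auth_value": "d05bf43eef533e262271449829751d07"},
    {"family": "redline", "botnet": "dante", "c2": "185.161.248.73:4164",
     "auth_value": "f4066af6b8a6f23125c8ee48288a3f90"},
]

# File hashes of the submitted sample, from the General section of the report.
SAMPLE_HASHES = {
    "md5": "613abcd399e6f7a6d4acb964751d52c2",
    "sha1": "3c40a4b7cb47c51c7fa9360cf0923ba94dfb0464",
    "sha256": "27cfd7771db5efb76d9a3a6365099295422bbbb04982266ec7d82ce2eaf67f3e",
}


def parse_c2(c2: str) -> tuple[str, int]:
    """Split 'ip:port' into (ip, port); rejects anything that is not a bare IP."""
    host, _, port = c2.rpartition(":")
    ipaddress.ip_address(host)  # raises ValueError on hostnames or junk
    return host, int(port)


def build_iocs(configs: list[dict]) -> dict[tuple[str, int], dict]:
    """Deduplicate C2 endpoints; collect the botnet IDs and auth_values seen per endpoint."""
    iocs: dict[tuple[str, int], dict] = {}
    for cfg in configs:
        endpoint = parse_c2(cfg["c2"])
        entry = iocs.setdefault(endpoint, {"botnets": set(), "auth_values": set()})
        entry["botnets"].add(cfg["botnet"])
        entry["auth_values"].add(cfg["auth_value"])
    return iocs


# Constructed firewall-style connection log (not taken from the report).
SAMPLE_LOG = """\
2024-11-09T12:00:01Z src=10.0.0.15 dst=185.161.248.73 dport=4164 proto=tcp action=allow
2024-11-09T12:00:03Z src=10.0.0.15 dst=142.250.74.78 dport=443 proto=tcp action=allow
2024-11-09T12:00:09Z src=10.0.0.22 dst=185.161.248.73 dport=443 proto=tcp action=allow
2024-11-09T12:01:15Z src=10.0.0.31 dst=185.161.248.73 dport=4164 proto=tcp action=deny
"""

LINE_RE = re.compile(r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")


def scan_connections(log_text: str, iocs: dict[tuple[str, int], dict]) -> list[dict]:
    """Report every connection to a known C2.

    An exact ip:port match is a 'c2_endpoint' hit. The same IP on another port is
    still reported ('c2_ip_other_port'): operators move ports, and the infrastructure
    is the indicator. Denied connections are reported too, because an outbound
    attempt means the source host is already running the stealer.
    """
    c2_ips = {host for host, _ in iocs}
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        dst, dport = m["dst"], int(m["dport"])
        hit = {"src": m["src"], "dst": dst, "dport": dport}
        if (dst, dport) in iocs:
            hit["match"] = "c2_endpoint"
            hit["botnets"] = sorted(iocs[(dst, dport)]["botnets"])
        elif dst in c2_ips:
            hit["match"] = "c2_ip_other_port"
            hit["botnets"] = []
        else:
            continue
        hits.append(hit)
    return hits


def hash_bytes(data: bytes) -> dict[str, str]:
    """MD5/SHA1/SHA256 of a file's bytes, in the same form the report prints them."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def is_known_sample(data: bytes) -> bool:
    """True if these bytes are the sample described in this report (SHA256 match)."""
    return hash_bytes(data)["sha256"] == SAMPLE_HASHES["sha256"]


if __name__ == "__main__":
    iocs = build_iocs(EXTRACTED_CONFIGS)
    for hit in scan_connections(SAMPLE_LOG, iocs):
        print(hit)
    print(is_known_sample(b"constructed stand-in, not the real sample"))
```

Matching on the IP alone as a weaker hit is deliberate: the two configs already show one operator running two botnet IDs against a single endpoint, and a port change on the same host is a cheaper move than a new server. Feed the real report hashes and your own connection logs into the same functions; nothing else needs to change.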

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence so the stealer does not run on systems in regions the operator excludes.

    • Executes dropped EXE

    • Adds Run key to start application
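The three behavioural signatures above (registry lookup of the configured country code, execution of a dropped executable, and a Run key for autostart) are individually common; it is their combination in one process that is worth alerting on. The Python below is an added example, not code from the sandbox or from the report: it tags events from a constructed EDR/sandbox trace with those behaviours, normalizes HKU\<SID> paths onto HKCU so one pattern serves both logging styles, and flags only processes that install Run-key persistence and show at least one of the other two behaviours. The Run key path is the standard per-user autostart location; the Geo\Nation value is assumed here to be the country-code value the signature refers to. All pids, paths and events are constructed.

```python
import re
from collections import defaultdict
from typing import Optional

# Registry paths behind the sandbox signatures. The Run key is the standard per-user
# autostart location; Geo\Nation is assumed to be the "country code configured in the
# registry" that the geofence check reads.
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\[^\\]+$", re.I)
# User-writable locations a dropper typically writes its payload to before launching it.
DROP_DIR_RE = re.compile(r"^C:\\Users\\[^\\]+\\AppData\\(Local\\Temp|Roaming|Local)\\", re.I)
# Traces often log per-user hives as HKU\<SID>\...; fold that onto HKCU so one pattern matches.
HKU_SID_RE = re.compile(r"^HKU\\S-1-5-21-[\d-]+\\", re.I)

# Constructed trace (not from the report): pid 4120 behaves like the sample,
# pid 5000 is a benign process that merely reads the locale, pid 6100 launches a
# normal installed program.
SAMPLE_EVENTS = [
    {"ts": 1, "pid": 4120, "op": "RegQueryValue",
     "target": r"HKU\S-1-5-21-1004336348-1177238915-682003330-1001\Control Panel\International\Geo\Nation"},
    {"ts": 2, "pid": 4120, "op": "CreateProcess",
     "target": r"C:\Users\user\AppData\Roaming\svchost32.exe"},
    {"ts": 3, "pid": 4120, "op": "RegSetValue",
     "target": r"HKU\S-1-5-21-1004336348-1177238915-682003330-1001\Software\Microsoft\Windows\CurrentVersion\Run\svchost32"},
    {"ts": 4, "pid": 5000, "op": "RegQueryValue",
     "target": r"HKU\S-1-5-21-1004336348-1177238915-682003330-1001\Control Panel\International\Geo\Nation"},
    {"ts": 5, "pid": 6100, "op": "CreateProcess",
     "target": r"C:\Program Files\Vendor\updater.exe"},
]


def normalize_key(path: str) -> str:
    """Rewrite HKU\\<user SID>\\... to HKCU\\... so per-user keys match one pattern."""
    return HKU_SID_RE.sub(r"HKCU\\", path)


def tag_event(ev: dict) -> Optional[str]:
    """Map one trace event onto one of the page's three behaviours, or None."""
    op, target = ev["op"], ev["target"]
    if op == "RegQueryValue" and GEO_KEY_RE.search(normalize_key(target)):
        return "geo_lookup"
    if op == "RegSetValue" and RUN_KEY_RE.search(normalize_key(target)):
        return "run_key_persistence"
    if op == "CreateProcess" and DROP_DIR_RE.match(target):
        return "executes_dropped_exe"
    return None


def profile_processes(events: list[dict]) -> dict[int, list[str]]:
    """Sorted list of behaviour tags per pid; pids with no tagged behaviour are omitted."""
    tags: dict[int, set] = defaultdict(set)
    for ev in events:
        t = tag_event(ev)
        if t:
            tags[ev["pid"]].add(t)
    return {pid: sorted(ts) for pid, ts in tags.items()}


def flag_suspects(events: list[dict]) -> list[int]:
    """Flag a process when it installs Run-key persistence and also shows at least one
    of the other two behaviours. A lone locale read or a lone process launch is
    normal activity and must not alert on its own."""
    profiles = profile_processes(events)
    return sorted(pid for pid, ts in profiles.items()
                  if "run_key_persistence" in ts and len(ts) >= 2)


if __name__ == "__main__":
    for pid, tags in profile_processes(SAMPLE_EVENTS).items():
        print(pid, tags)
    print("flagged:", flag_suspects(SAMPLE_EVENTS))
```

Requiring the Run key plus one more behaviour keeps the rule quiet on software that legitimately registers autostart entries during installation, while still catching the sequence the sandbox observed here. To use it on real telemetry, map your source's event names onto the three op values and extend DROP_DIR_RE with whatever user-writable directories your environment allows.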
