General

  • Target

    eaa7becc44c26c1d802981d439fc436c34cbd399a891886c5c65fcc21d7372b7

  • Size

    574KB

  • Sample

    241109-mbcs1sserp

  • MD5

    3fd5276276602c7496ed60da28212145

  • SHA1

    8bd2afa282a3c9f904792526a9b65b9976cd9357

  • SHA256

    eaa7becc44c26c1d802981d439fc436c34cbd399a891886c5c65fcc21d7372b7

  • SHA512

    eba7e2022d453d3e89503a6c108474aae0f7ce8b9992033b07a7277fdd47352013fbc474cfc3981814b606264fd839be5432e16666a8b3d67295c66899ec395d

  • SSDEEP

    12288:JlvTqsKami8mOB+C+uiDum8SPl/O+50NzXTKbx7SK:Jlbqbi8d+P1KjSN/z50dDKbx7L

Malware Config

Extracted

Family

redline

Botnet

gena

C2

185.161.248.73:4164

Attributes
  • auth_value

    d05bf43eef533e262271449829751d07

Targets

    • Target

      eaa7becc44c26c1d802981d439fc436c34cbd399a891886c5c65fcc21d7372b7

    • Size

      574KB

    • MD5

      3fd5276276602c7496ed60da28212145

    • SHA1

      8bd2afa282a3c9f904792526a9b65b9976cd9357

    • SHA256

      eaa7becc44c26c1d802981d439fc436c34cbd399a891886c5c65fcc21d7372b7

    • SHA512

      eba7e2022d453d3e89503a6c108474aae0f7ce8b9992033b07a7277fdd47352013fbc474cfc3981814b606264fd839be5432e16666a8b3d67295c66899ec395d

    • SSDEEP

      12288:JlvTqsKami8mOB+C+uiDum8SPl/O+50NzXTKbx7SK:Jlbqbi8d+P1KjSN/z50dDKbx7L

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution (the stealer can refuse to run in regions the operator excludes).

    • Executes dropped EXE

    • Loads dropped DLL
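The extracted config above (family, botnet tag, C2 endpoint, auth_value) and the hash block are what a responder actually operationalises. The following is an added example, not part of the sandbox report: it copies the report's hashes and C2 indicator into a small Python module that re-hashes a candidate file with all four digests, sweeps constructed firewall log lines (the log lines and the `SRC=/DST=/DPT=` format are assumed for illustration) for egress to the C2, and emits a Suricata rule for the endpoint (the `sid` is an assumed local-range value).

```python
"""Operationalise the IOCs from the RedLine report.

Added example, not part of the sandbox report. The digests, C2 endpoint,
botnet tag and auth_value are copied from the report; the log lines below
are constructed, and the SRC=/DST=/DPT= line format is assumed.
"""
import hashlib
import re

# Indicators copied from the report's General / Malware Config sections.
SAMPLE_HASHES = {
    "md5": "3fd5276276602c7496ed60da28212145",
    "sha1": "8bd2afa282a3c9f904792526a9b65b9976cd9357",
    "sha256": "eaa7becc44c26c1d802981d439fc436c34cbd399a891886c5c65fcc21d7372b7",
    "sha512": "eba7e2022d453d3e89503a6c108474aae0f7ce8b9992033b07a7277fdd47352013fbc474cfc3981814b606264fd839be5432e16666a8b3d67295c66899ec395d",
}
C2_HOST = "185.161.248.73"
C2_PORT = 4164
BOTNET = "gena"
AUTH_VALUE = "d05bf43eef533e262271449829751d07"

# Constructed firewall lines (not from the report); 203.0.113.10 is a
# documentation-range address standing in for benign traffic.
SAMPLE_LOG = [
    "2024-11-09T14:02:11Z fw kernel: SRC=10.0.0.23 DST=185.161.248.73 DPT=4164 PROTO=TCP",
    "2024-11-09T14:02:12Z fw kernel: SRC=10.0.0.23 DST=203.0.113.10 DPT=443 PROTO=TCP",
    "2024-11-09T14:05:40Z fw kernel: SRC=10.0.0.41 DST=185.161.248.73 DPT=443 PROTO=TCP",
]

FW_LINE = re.compile(r"SRC=(?P<src>\S+)\s+DST=(?P<dst>\S+)\s+DPT=(?P<dpt>\d+)")


def hash_bytes(data: bytes) -> dict:
    """Return the same four digests the report lists, hex-encoded."""
    return {
        name: hashlib.new(name, data).hexdigest()
        for name in ("md5", "sha1", "sha256", "sha512")
    }


def matches_sample(digests: dict) -> bool:
    """True only if every listed digest agrees with the report.

    All four are compared on purpose: a lone MD5 match is weak evidence,
    so the strong digests must agree too before the file is treated as
    this sample.
    """
    return all(digests.get(name) == value for name, value in SAMPLE_HASHES.items())


def scan_firewall_log(lines) -> list:
    """Flag egress to the C2 host.

    A host+port match is rated 'high'; a host-only match is 'medium',
    since other samples pointed at the same host may use a different port
    and still deserve review.
    """
    hits = []
    for line in lines:
        m = FW_LINE.search(line)
        if not m:
            continue
        dst, dpt = m["dst"], int(m["dpt"])
        if dst != C2_HOST:
            continue
        hits.append({
            "src": m["src"],
            "dst": dst,
            "port": dpt,
            "confidence": "high" if dpt == C2_PORT else "medium",
        })
    return hits


def suricata_rule(sid: int = 1000001) -> str:
    """Emit a Suricata rule for TCP egress to the C2 endpoint.

    The sid is an assumed value in the local (1000000+) range; adjust to
    your ruleset's numbering.
    """
    return (
        f"alert tcp $HOME_NET any -> {C2_HOST} {C2_PORT} "
        f'(msg:"RedLine C2 botnet {BOTNET} auth_value {AUTH_VALUE}"; '
        f"flow:to_server; classtype:trojan-activity; sid:{sid}; rev:1;)"
    )


if __name__ == "__main__":
    for hit in scan_firewall_log(SAMPLE_LOG):
        print(hit)
    print(suricata_rule())
```

To check a file on disk, pass its bytes to `hash_bytes` and feed the result to `matches_sample`; the function returns `False` if any one of the four digests differs, so a renamed or re-packed variant will not be mistaken for this exact sample even when it shares the RedLine config.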

MITRE ATT&CK Enterprise v15