General

  • Target

    90872d8edb91bed21409768b92622659af956ec1626de69dd22f56948a3cb1d8

  • Size

    849KB

  • Sample

    241109-rwp2asyphp

  • MD5

    621898503449e6a5cb6c3639af765d09

  • SHA1

    9cd86fcad5157406a1bb1dd2b5e71897d7812ec8

  • SHA256

    90872d8edb91bed21409768b92622659af956ec1626de69dd22f56948a3cb1d8

  • SHA512

    b91368eafd74570128175ef3d2f70f15693ed1d7a27dc010ca2ce4d969023d50dab7196dd8704389b22681a3bca0936e5c278e8fc5522c86d0fd95db53ac80cd

  • SSDEEP

    24576:zyyHVj/oOY4SdPZOqnBK6RXifcAN95YKnR1PZyG1:GW9sbBK+q3N9fT

Malware Config

Extracted

Family

redline

Botnet

gena

C2

185.161.248.73:4164

Attributes
  • auth_value

    d05bf43eef533e262271449829751d07

Extracted

Family

redline

Botnet

dante

C2

185.161.248.73:4164

Attributes
  • auth_value

    f4066af6b8a6f23125c8ee48288a3f90

Targets

    • Target

      90872d8edb91bed21409768b92622659af956ec1626de69dd22f56948a3cb1d8

    • Size

      849KB

    • MD5

      621898503449e6a5cb6c3639af765d09

    • SHA1

      9cd86fcad5157406a1bb1dd2b5e71897d7812ec8

    • SHA256

      90872d8edb91bed21409768b92622659af956ec1626de69dd22f56948a3cb1d8

    • SHA512

      b91368eafd74570128175ef3d2f70f15693ed1d7a27dc010ca2ce4d969023d50dab7196dd8704389b22681a3bca0936e5c278e8fc5522c86d0fd95db53ac80cd

    • SSDEEP

      24576:zyyHVj/oOY4SdPZOqnBK6RXifcAN95YKnR1PZyG1:GW9sbBK+q3N9fT

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks