General

  • Target: 8340b85b87e24540355c0b78dc941fd8e8a3225f6e8136ec859bef8c038efb7c
  • Size: 793KB
  • Sample: 241109-wyeqkazbmg
  • MD5: 14af28aa5ab1358410f9668e16a1cfa4
  • SHA1: a53e08f4af289fe1773f62e868f9fdf3029a5162
  • SHA256: 8340b85b87e24540355c0b78dc941fd8e8a3225f6e8136ec859bef8c038efb7c
  • SHA512: b030c32d6601cdb4bf0d6c60b34f8f8ef2cf7f481294fda654a6cb0c457186f73f8b1f3a6a18bee7836c6272ae22d3fd9f0982c2f53155c440675b379f1536c2
  • SSDEEP: 12288:Dy90wFIqxGZZO6Thf0RFfnnHfLhR5SwNqPdRonexceZ7YgcqjEFveZjZ/ge:DyZFbof+PntRpNqVRXmuFcoEEZt

Malware Config

Extracted
  • Family: redline
  • Botnet: gena
  • C2: 185.161.248.73:4164
  • Attributes
    • auth_value: d05bf43eef533e262271449829751d07

Extracted
  • Family: redline
  • Botnet: dante
  • C2: 185.161.248.73:4164
  • Attributes
    • auth_value: f4066af6b8a6f23125c8ee48288a3f90

Targets

    • Target: 8340b85b87e24540355c0b78dc941fd8e8a3225f6e8136ec859bef8c038efb7c
    • Size: 793KB
    • MD5: 14af28aa5ab1358410f9668e16a1cfa4
    • SHA1: a53e08f4af289fe1773f62e868f9fdf3029a5162
    • SHA256: 8340b85b87e24540355c0b78dc941fd8e8a3225f6e8136ec859bef8c038efb7c
    • SHA512: b030c32d6601cdb4bf0d6c60b34f8f8ef2cf7f481294fda654a6cb0c457186f73f8b1f3a6a18bee7836c6272ae22d3fd9f0982c2f53155c440675b379f1536c2
    • SSDEEP: 12288:Dy90wFIqxGZZO6Thf0RFfnnHfLhR5SwNqPdRonexceZ7YgcqjEFveZjZ/ge:DyZFbof+PntRpNqVRXmuFcoEEZt

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Redline family
    • Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
    • Executes dropped EXE
    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks