General

  • Target

    d073af4d2f6c88068db61b308ace8e7f476e4b87afa6624209243db943bfabebN

  • Size

    479KB

  • Sample

    241109-y85qvavjaq

  • MD5

    83ec5cdf248e5eef192c2a78f6f58100

  • SHA1

    fbaee90a60ef1ffebd28b884648785b596231aab

  • SHA256

    d073af4d2f6c88068db61b308ace8e7f476e4b87afa6624209243db943bfabeb

  • SHA512

    adc27c15cb8e0fd030679626e395d9a860cade19fa43c93c9b04ff9901906da903969838b50da54f3d53cff5c6ddab5fa11dd9425701f1b2c7e1feb073fbdbeb

  • SSDEEP

    12288:cz2/F3bj2fsc9W2YulMgUz0JJZqeA6ebOhr14TaNsZZK7N:m6Fxclyhze3qJOj4TaKZZK

Malware Config

Extracted

Family

redline

Botnet

gena

C2

185.161.248.73:4164

Attributes
  • auth_value

    d05bf43eef533e262271449829751d07
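The extracted configuration above is the most durable indicator in this report: the file hashes identify only this exact build, while the C2 endpoint is shared by every sample the operator pushed through the same panel. The following is an added example, not part of the sandbox report, showing how a responder would turn those values into a detection pass. The Zeek conn.log lines, the process-creation lines, their field layouts and the host names are constructed for this example; the IOC values themselves are the ones the report shows.

```python
"""Added example: sweep constructed logs for the RedLine indicators in this report.

Everything except the IOC constants (C2 host/port, file hashes) is made up for
illustration: the log lines, the field layout and the host names.
"""
import csv
import io

# Indicators copied from the report.
C2_HOST = "185.161.248.73"
C2_PORT = 4164
KNOWN_HASHES = {
    "sha256": "d073af4d2f6c88068db61b308ace8e7f476e4b87afa6624209243db943bfabeb",
    "md5": "83ec5cdf248e5eef192c2a78f6f58100",
}

# Constructed Zeek conn.log excerpt (tab-separated, header comments omitted).
CONN_FIELDS = ["ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p", "proto"]
CONN_LOG = (
    "1731196801.100\tCabc1\t10.0.0.12\t51234\t185.161.248.73\t4164\ttcp\n"
    "1731196802.200\tCabc2\t10.0.0.12\t51235\t93.184.216.34\t443\ttcp\n"
    "1731196803.300\tCabc3\t10.0.0.15\t51300\t185.161.248.73\t80\ttcp\n"
)

# Constructed process-creation records (host|image|sha256), e.g. exported from
# Sysmon Event ID 1. The second digest is the SHA-256 of an empty input and
# stands in for any benign binary.
PROC_LOG = (
    "WS-12|C:\\Users\\user\\AppData\\Local\\Temp\\update.exe|"
    "D073AF4D2F6C88068DB61B308ACE8E7F476E4B87AFA6624209243DB943BFABEB\n"
    "WS-15|C:\\Windows\\System32\\svchost.exe|"
    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\n"
)


def parse_conn_log(text):
    """Parse tab-separated conn.log lines into dicts keyed by CONN_FIELDS."""
    reader = csv.reader(io.StringIO(text), delimiter="\t")
    return [dict(zip(CONN_FIELDS, row)) for row in reader if row and not row[0].startswith("#")]


def find_c2_connections(text):
    """Return flows to the C2 host.

    host + port is the exact indicator from the config and is reported as high
    confidence; the same host on another port is still worth a look (operators
    often run several panels or ports on one box) but is reported as medium.
    """
    hits = []
    for row in parse_conn_log(text):
        if row["id.resp_h"] != C2_HOST:
            continue
        exact = int(row["id.resp_p"]) == C2_PORT
        hits.append({
            "uid": row["uid"],
            "src": row["id.orig_h"],
            "dst": f"{row['id.resp_h']}:{row['id.resp_p']}",
            "confidence": "high" if exact else "medium",
        })
    return hits


def find_sample_executions(text):
    """Return process records whose digest matches a hash from the report.

    Digests are compared case-insensitively because tooling disagrees on hex
    case (the constructed Sysmon export above is upper-case).
    """
    hits = []
    for line in text.splitlines():
        if not line:
            continue
        host, image, digest = line.split("|")
        digest = digest.strip().lower()
        for algo, known in KNOWN_HASHES.items():
            if digest == known:
                hits.append({"host": host, "image": image, "matched": algo})
    return hits


if __name__ == "__main__":
    for hit in find_c2_connections(CONN_LOG):
        print("C2 flow", hit)
    for hit in find_sample_executions(PROC_LOG):
        print("sample executed", hit)
```

The hash match will only ever catch this one build, and RedLine loaders are repacked frequently, so in practice the C2 match and the behavioural signatures below (dropped EXE/DLL execution, the locale lookup) carry more weight than the digests.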

Targets

    • Target

      d073af4d2f6c88068db61b308ace8e7f476e4b87afa6624209243db943bfabebN

    • Size

      479KB

    • MD5

      83ec5cdf248e5eef192c2a78f6f58100

    • SHA1

      fbaee90a60ef1ffebd28b884648785b596231aab

    • SHA256

      d073af4d2f6c88068db61b308ace8e7f476e4b87afa6624209243db943bfabeb

    • SHA512

      adc27c15cb8e0fd030679626e395d9a860cade19fa43c93c9b04ff9901906da903969838b50da54f3d53cff5c6ddab5fa11dd9425701f1b2c7e1feb073fbdbeb

    • SSDEEP

      12288:cz2/F3bj2fsc9W2YulMgUz0JJZqeA6ebOhr14TaNsZZK7N:m6Fxclyhze3qJOj4TaKZZK

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check so the stealer can avoid running in certain regions.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks