General

  • Target: 8366cced505ec3b1035153bca90ae084a5e533b3a298376975110851b165ab98
  • Size: 793KB
  • Sample: 241109-yd2qps1bmd
  • MD5: 0894472604a38f7981edc7e28026693a
  • SHA1: b6027154737d700da09c5ce0560ed5a884351db9
  • SHA256: 8366cced505ec3b1035153bca90ae084a5e533b3a298376975110851b165ab98
  • SHA512: 2a75c3afc8b588527c7005439404ab0dabed1ba7bd897584b14b010dc2139a09b0ea51ef017ef0f8a464e06f300eb40d8a3c0bcb40dd93a3b9de3d8d87b0f22e
  • SSDEEP: 12288:yy904HzJW21H2IJABXtqY/utvoEtA6J4fWD8v0VZVni4/aS9rVWd8XsC+:yyfHzJWaHDyXtxmQOfo0bVnD9r9/+

Malware Config

Extracted

  • Family: redline
  • Botnet: gena
  • C2: 185.161.248.73:4164
  • Attributes
    • auth_value: d05bf43eef533e262271449829751d07

Extracted

  • Family: redline
  • Botnet: dork
  • C2: 185.161.248.73:4164
  • Attributes
    • auth_value: e81be7d6cfb453cc812e1b4890eeadad

Targets

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Redline family
    • Checks computer location settings: Looks up the country code configured in the registry, likely used as a geofence.
    • Executes dropped EXE
    • Adds Run key to start application

MITRE ATT&CK Enterprise v15
