General

  • Target: 13118f6479fda85795c3d5467bd2d9e0f724596c9e0f0d16be976347dfecdf22
  • Size: 581KB
  • Sample: 241109-ykkqrs1cpf
  • MD5: a966d92d2c87edf0c5aa2d022c95ffb3
  • SHA1: 616967a7db3da3bdd0051ae0a95ed929dadb98a7
  • SHA256: 13118f6479fda85795c3d5467bd2d9e0f724596c9e0f0d16be976347dfecdf22
  • SHA512: 7df40cc7c5ab2f10ada4f2fd9731968387bd18bdf04cae1947cfef27b343805404e8907188106407d137a62e8209b2b23462718065af6b050104b2030749ae38
  • SSDEEP: 12288:dvAh3cpq/5gZl2/u4RLZftnpnw/q5J2QC1Q:FAWbZl2LfBpnw/q/27

Malware Config

Extracted

  • Family: redline
  • Botnet: gena
  • C2: 185.161.248.73:4164
  • Attributes
    • auth_value: d05bf43eef533e262271449829751d07

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first seen in early 2020.

    • RedLine payload

    • RedLine family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL
