General

  • Target

    94154c63ccb688a42729dfaca53442d0b257064d75ff1cc41d03ec02f32c1f4b

  • Size

    865KB

  • Sample

    241109-z133qasell

  • MD5

    0d9bf72845c1ea68dd698ae4faeb74fe

  • SHA1

    322b55ff06e75ef06fb13b69515982ac5de6fd3a

  • SHA256

    94154c63ccb688a42729dfaca53442d0b257064d75ff1cc41d03ec02f32c1f4b

  • SHA512

    e78fe486171563762549455f49537f1ee5579c7eb5ebb46a6e0890197047ee4aa187ea95960a81636c0154e9db0cd6a746e82ef0b45d64931e092edf259b9f52

  • SSDEEP

    24576:5yCvcldfGTKHiIpaH72RJozkFZE/1aQFRta:sCUX5Hi+aH68sZEdtF

Malware Config

Two RedLine configurations were extracted from this sample. Both point at the same C2 endpoint but carry different botnet IDs and auth_value tokens.

Extracted (1)

  • Family

    redline

  • Botnet

    gena

  • C2

    185.161.248.73:4164

  • Attributes

    auth_value: d05bf43eef533e262271449829751d07

Extracted (2)

  • Family

    redline

  • Botnet

    dark

  • C2

    185.161.248.73:4164

  • Attributes

    auth_value: ae85b01f66afe8770afeed560513fc2d

Targets

    • Target

      94154c63ccb688a42729dfaca53442d0b257064d75ff1cc41d03ec02f32c1f4b

    • Size

      865KB

    • MD5

      0d9bf72845c1ea68dd698ae4faeb74fe

    • SHA1

      322b55ff06e75ef06fb13b69515982ac5de6fd3a

    • SHA256

      94154c63ccb688a42729dfaca53442d0b257064d75ff1cc41d03ec02f32c1f4b

    • SHA512

      e78fe486171563762549455f49537f1ee5579c7eb5ebb46a6e0890197047ee4aa187ea95960a81636c0154e9db0cd6a746e82ef0b45d64931e092edf259b9f52

    • SSDEEP

      24576:5yCvcldfGTKHiIpaH72RJozkFZE/1aQFRta:sCUX5Hi+aH68sZEdtF

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check before the stealer runs.

    • Executes dropped EXE

    • Adds Run key to start application

      Registers itself under a Run registry key so it is launched again at user logon (persistence).
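As an added example (not part of the sandbox report), the Python below turns the indicators on this page into a small hunt over endpoint telemetry: the file hashes from the General section, the C2 endpoint 185.161.248.73:4164 from both extracted configs, and the Run-key persistence and registry country-code lookup from the signature list. The JSON-lines event schema and its field names are an assumption for the example, not a real product's format; the sample log is constructed; the `Geo\Nation` registry path is a common location for the configured country code and is an assumption, because the report does not say which key this sample reads. The Run key is matched generically on `\CurrentVersion\Run\` for the same reason.

```python
"""Hunt for this report's RedLine indicators across constructed telemetry.

Added example, not part of the sandbox report. Event schema, field names and
log lines are constructed assumptions, not any vendor's real format.
"""
import json

# Indicators taken from the report above.
SAMPLE_HASHES = {
    "md5": "0d9bf72845c1ea68dd698ae4faeb74fe",
    "sha1": "322b55ff06e75ef06fb13b69515982ac5de6fd3a",
    "sha256": "94154c63ccb688a42729dfaca53442d0b257064d75ff1cc41d03ec02f32c1f4b",
}
C2_ENDPOINTS = {("185.161.248.73", 4164)}   # shared by both extracted configs
C2_IPS = {ip for ip, _ in C2_ENDPOINTS}

# The report only says "Adds Run key", so any *\CurrentVersion\Run\* value is
# matched rather than a specific hive or value name.
RUN_KEY_MARKER = "\\currentversion\\run\\"
# Assumption: Geo\Nation is a common place for the configured country code;
# the report does not name the key this sample reads.
GEO_KEY_MARKER = "\\geo\\nation"

# Constructed sample telemetry (one JSON event per line; not real logs).
SAMPLE_LOG = r"""
{"event": "process_create", "pid": 4120, "image": "C:\\Users\\u\\AppData\\Local\\Temp\\setup.exe", "sha256": "94154c63ccb688a42729dfaca53442d0b257064d75ff1cc41d03ec02f32c1f4b"}
{"event": "network_connect", "pid": 4120, "dst_ip": "185.161.248.73", "dst_port": 4164, "proto": "tcp"}
{"event": "network_connect", "pid": 2211, "dst_ip": "185.161.248.73", "dst_port": 443, "proto": "tcp"}
{"event": "registry_set", "pid": 4120, "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater", "value": "C:\\Users\\u\\AppData\\Roaming\\updater.exe"}
{"event": "registry_query", "pid": 4120, "key": "HKCU\\Control Panel\\International\\Geo\\Nation"}
{"event": "process_create", "pid": 5000, "image": "C:\\Windows\\System32\\notepad.exe", "sha256": "0000000000000000000000000000000000000000000000000000000000000000"}
"""


def parse_events(text):
    """Parse JSON-lines telemetry, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def match_event(ev):
    """Return a list of (indicator_type, detail) hits for a single event."""
    hits = []
    kind = ev.get("event")
    if kind == "process_create":
        for alg, digest in SAMPLE_HASHES.items():
            if str(ev.get(alg, "")).lower() == digest:
                hits.append(("hash", f"{alg}={digest}"))
    elif kind == "network_connect":
        ip, port = ev.get("dst_ip"), ev.get("dst_port")
        if (ip, port) in C2_ENDPOINTS:
            hits.append(("c2", f"{ip}:{port}"))
        elif ip in C2_IPS:
            # Same host, different port: weaker signal, reported separately.
            hits.append(("c2_ip_only", f"{ip}:{port}"))
    elif kind == "registry_set":
        if RUN_KEY_MARKER in ev.get("key", "").lower():
            hits.append(("persistence", ev["key"]))
    elif kind == "registry_query":
        if GEO_KEY_MARKER in ev.get("key", "").lower():
            hits.append(("geofence_check", ev["key"]))
    return hits


def hunt(text):
    """Group hits by pid: {pid: [(indicator_type, detail), ...]}."""
    findings = {}
    for ev in parse_events(text):
        hits = match_event(ev)
        if hits:
            findings.setdefault(ev.get("pid"), []).extend(hits)
    return findings


def verdict(hits):
    """Exact C2 endpoint or sample hash is confirmed; anything else is suspicious."""
    types = {t for t, _ in hits}
    if types & {"c2", "hash"}:
        return "confirmed"
    return "suspicious" if types else "clean"


if __name__ == "__main__":
    for pid, hits in hunt(SAMPLE_LOG).items():
        print(pid, verdict(hits), hits)
```

Swap SAMPLE_LOG for real exported telemetry in the same shape and the weaker `c2_ip_only` bucket is where other ports on the same C2 host surface; the exact endpoint and the file hashes from the report are the only matches treated as confirmed.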
