General

  • Target: 5013cfab75c8cfd986b3ab4de5c346c47f7d40736a6cd82943ec4cf5f8cdee22
  • Size: 851KB
  • Sample: 241109-zh55csvkhq
  • MD5: 97885e98bb6747d8658cdaf2f2884c78
  • SHA1: 497588757eee774812a3fbb506a60d0354f3de72
  • SHA256: 5013cfab75c8cfd986b3ab4de5c346c47f7d40736a6cd82943ec4cf5f8cdee22
  • SHA512: 9642e5e5d63bf2ceba8d74a5af747704929c54249c44ef429a4e40ece20082d9cc4f66dcdaa49a366bf5f18702161e0a1e64d61bd22da39eb792d379c2bdbb01
  • SSDEEP: 24576:wyeANZgOrDx9usSCbiTxnnb4EX372YCoqpp:3vTgOx9oVn8g7v6p

Malware Config

Extracted

  • Family: redline
  • Botnet: gena
  • C2: 185.161.248.73:4164
  • Attributes
    • auth_value: d05bf43eef533e262271449829751d07

Extracted

  • Family: redline
  • Botnet: dante
  • C2: 185.161.248.73:4164
  • Attributes
    • auth_value: f4066af6b8a6f23125c8ee48288a3f90

Targets

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Redline family
    • Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
    • Executes dropped EXE
    • Adds Run key to start application

MITRE ATT&CK Enterprise v15
