General

  • Target

    d726542e93c6b147495df1ecf3c48c0d3fe89d255713f5b15c131d3ecec618b2

  • Size

    819KB

  • Sample

    241109-znl9fascjr

  • MD5

    a7ec4c2ec8a2c7b65ba0c63111fdf866

  • SHA1

    ad23e4349e964de00d355ab64733c1f7c9663669

  • SHA256

    d726542e93c6b147495df1ecf3c48c0d3fe89d255713f5b15c131d3ecec618b2

  • SHA512

    1f7b0cb101d01a7265caac043342b41ece4267bb9cff008dda643f9e4714ccf4f4ddf1111beae27d838e9fc0dcd1dbc132895c6b6f384e2bec2ff650e40540fc

  • SSDEEP

    24576:nZLuPmrYbAkeCL3TKeYyrIjqLEW8mUmRt3yoO:wmrYbP7I5qP8SRtc

Malware Config

Extracted

  • Family

    redline

  • Botnet

    ans

  • C2

    34.125.68.133:80

    104.197.80.52:80

  • Attributes

    auth_value: 338d5be1ef49d0de9911f6d8ed35e991

Targets

    • Target

      503604112fa7b8be8002664f2b67416c765f3b994bd5457a57ae14cdceaaa0ac.exe

    • Size

      1.8MB

    • MD5

      0d94be3223266ea6bbdaecfa3200142c

    • SHA1

      879279ff736a0dd8768f4d807e9d91b78d1a4fce

    • SHA256

      503604112fa7b8be8002664f2b67416c765f3b994bd5457a57ae14cdceaaa0ac

    • SHA512

      7f336ab06f9344ae14ae2d366958503b289f7636324f69186eee9e0f8cdec8445b7a003312a0689d1627efc32af6536f1e8ee38bc2bb790cdf7225064881e3ba

    • SSDEEP

      24576:7zFesd38Ctz7uET06nE9QNZR9twp5L5ulugTvcuNSVw3XZlqGwF4bqPJrLklTG0:Vesfi6Exu5lg4mxrLklTG0

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks