General

  • Target

    a410c71a8a33ec7a4a5757527e48b8f59bba44e155ca1638aa6fe2530c668b0f

  • Size

    575KB

  • Sample

    241110-bl6cjawejj

  • MD5

    6afe64b439066df3a19089f6063b2f14

  • SHA1

    5588fea6031f1ee8fc69d161c265f44d9e718d84

  • SHA256

    a410c71a8a33ec7a4a5757527e48b8f59bba44e155ca1638aa6fe2530c668b0f

  • SHA512

    7526a8c5a2007e8fb47e0801d79f375140e98b0a403eeb100df778c7a1ec6856e4408c80326de17f0aa1d75785e2f5b8827f79eb8d0d54a522abf7b7ae4c0ed9

  • SSDEEP

    12288:U91WnKygIjVozbSH0IUADHHZgIT4G0cIKds3N:s1RIjFH0IUKHH2IxIKE

Malware Config

Extracted

Family

redline

Botnet

gena

C2

185.161.248.73:4164

Attributes
  • auth_value

    d05bf43eef533e262271449829751d07

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks