General

  • Target

    8a26a95e8e2dc5a35cd4c094da0269d9962636abd2c6c273451adb59023e7e56N

  • Size

    849KB

  • Sample

    241110-et1zkazapj

  • MD5

    af132fadf608c73fc4ddfaa98df13520

  • SHA1

    9564565d0042c039d257ef895b9978bba03d4ea4

  • SHA256

    8a26a95e8e2dc5a35cd4c094da0269d9962636abd2c6c273451adb59023e7e56

  • SHA512

    d953c2f1df7bab3820452009c1b8ea094d0b6727bc4d7920a1d778251202304af5ec737b6f38214556b6e58258e74ce6313fa73354338037fd8031c23277c0f0

  • SSDEEP

    12288:Wy90ervNXyqd4+B2waghPTUCqdjPLO6kDrB8dP740V5X2KE5fcCQVERQnrLORoG:WyVrRfBj2HPLO6aBsnXX2KEbQaRQ/Qt

Malware Config

Extracted

Family

redline

Botnet

gena

C2

185.161.248.73:4164

Attributes
  • auth_value

    d05bf43eef533e262271449829751d07

Extracted

Family

redline

Botnet

dante

C2

185.161.248.73:4164

Attributes
  • auth_value

    f4066af6b8a6f23125c8ee48288a3f90

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15