General

  • Target: 076a56a87db16b3a80c5d45f6615c9c0cf09cbaf8960dbc8b2231da7cf0517b3
  • Size: 851KB
  • Sample: 241110-ffa2nazjet
  • MD5: 2e52c5c8004d8a93b10fd88dadf7ec6c
  • SHA1: c3350ceaa9ba06737c39b2b3403d6249737856af
  • SHA256: 076a56a87db16b3a80c5d45f6615c9c0cf09cbaf8960dbc8b2231da7cf0517b3
  • SHA512: 3fade50f6e95088671bb7fe4b2ecdcbf5bde10d054c718351da792a036d6df2c2a42dd87f4a2cf557eed2e9b0177ae0f18112539d2a0e0f1863e34cf73bf57bb
  • SSDEEP: 12288:Iy90vdSSaDfJn6kFgyx2BkRe5WCLaUsk4D/ab4Jefq+q52mYJOCdzwl6RB:IyGdiDHxkHsvSbdWYJOChB

Malware Config

Extracted

  • Family: redline
  • Botnet: gena
  • C2: 185.161.248.73:4164
  • Attributes
    • auth_value: d05bf43eef533e262271449829751d07

Extracted

  • Family: redline
  • Botnet: dante
  • C2: 185.161.248.73:4164
  • Attributes
    • auth_value: f4066af6b8a6f23125c8ee48288a3f90

Targets

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Redline family
    • Checks computer location settings: Looks up the country code configured in the registry, likely used as a geofence.
    • Executes dropped EXE
    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks