General

  • Target

    185189c20d352feffc5ba12be87726b85b11232e4f241d24e67bb0b435b38167

  • Size

    890KB

  • Sample

    241110-fkvxmazhmc

  • MD5

    be40e5ba0ed3878afeb4de6db7780f61

  • SHA1

    ed2c1c81730ab795789498b582288bdc12079df0

  • SHA256

    185189c20d352feffc5ba12be87726b85b11232e4f241d24e67bb0b435b38167

  • SHA512

    9c613a8ac46ca8c059828493338ce72f0deb23f53f28a5f2bae86dc895c9a7b30ae5924fe2fb5434eeebd06cd4f0a30dbf3efd0ff0202d72f618930ec84a29a6

  • SSDEEP

    12288:my90jsYtUKOnupnnr2UrR5Vwn7PwhAnen7zI98uWWyTtT9uZdl3u1iD1RHFUsQU:myKPUKcupnRRAn7Ihfn7MagDzrlzA

Malware Config

Extracted

Family

redline

Botnet

gena

C2

185.161.248.73:4164

Attributes
  • auth_value

    d05bf43eef533e262271449829751d07

Extracted

Family

redline

Botnet

dante

C2

185.161.248.73:4164

Attributes
  • auth_value

    f4066af6b8a6f23125c8ee48288a3f90

Targets

    • Target

      185189c20d352feffc5ba12be87726b85b11232e4f241d24e67bb0b435b38167

    • Size

      890KB

    • MD5

      be40e5ba0ed3878afeb4de6db7780f61

    • SHA1

      ed2c1c81730ab795789498b582288bdc12079df0

    • SHA256

      185189c20d352feffc5ba12be87726b85b11232e4f241d24e67bb0b435b38167

    • SHA512

      9c613a8ac46ca8c059828493338ce72f0deb23f53f28a5f2bae86dc895c9a7b30ae5924fe2fb5434eeebd06cd4f0a30dbf3efd0ff0202d72f618930ec84a29a6

    • SSDEEP

      12288:my90jsYtUKOnupnnr2UrR5Vwn7PwhAnen7zI98uWWyTtT9uZdl3u1iD1RHFUsQU:myKPUKcupnRRAn7Ihfn7MagDzrlzA

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks