General

  • Target

    4afb5064403ce5b899a7d996a743b1e8c8b75fb64f614c285714861d1a2c6c86

  • Size

    894KB

  • Sample

    241110-w27whsscmm

  • MD5

    c84c9aa6409b7b725eaeeb0dbffb6863

  • SHA1

    a8a83c4e3049532ec16ae4714db822f689499f98

  • SHA256

    4afb5064403ce5b899a7d996a743b1e8c8b75fb64f614c285714861d1a2c6c86

  • SHA512

    aadb1adf1a607c889862d2a34560d84981ac4aa8a6a0efd09a0b576af30a02888280343b1bc0dbf1a9591581aa5fd2fd389e333fcd8791bcb47f826dbe024720

  • SSDEEP

    12288:9y905FR5SaPIhxDAMpYRzOnnMq1xR5swRnPqZ1nejoZbF7KE0rLurHxtAc23fURD:9yEFPe5KwntR7RniZMj830r6rR23sN

Malware Config

Extracted

Family

redline

Botnet

gena

C2

185.161.248.73:4164

Attributes
  • auth_value

    d05bf43eef533e262271449829751d07

Extracted

Family

redline

Botnet

dante

C2

185.161.248.73:4164

Attributes
  • auth_value

    f4066af6b8a6f23125c8ee48288a3f90
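Both extracted configs point at the same C2 socket and differ only in botnet name and auth_value, so a single network indicator covers both builds. The following script is an added example from the editor, not part of the sandbox report: it folds the two configs into one C2 indicator, emits a Suricata rule for it (the sid is an arbitrary local number), and runs the C2 and SHA256 indicators over constructed Zeek conn.log lines and constructed EDR process events. The log lines, host names and paths are invented for the demonstration; the hashes, IP, port, botnet names and auth values are the ones listed above.

```python
"""Turn the RedLine config extracted above into matchable indicators and
check them against constructed log samples (example code, not the report's)."""
import ipaddress
from dataclasses import dataclass

# Values copied from the report.
SAMPLE_SHA256 = "4afb5064403ce5b899a7d996a743b1e8c8b75fb64f614c285714861d1a2c6c86"
EXTRACTED_CONFIGS = [
    {"family": "redline", "botnet": "gena", "c2": "185.161.248.73:4164",
     "auth_value": "d05bf43eef533e262271449829751d07"},
    {"family": "redline", "botnet": "dante", "c2": "185.161.248.73:4164",
     "auth_value": "f4066af6b8a6f23125c8ee48288a3f90"},
]


@dataclass(frozen=True)
class C2Indicator:
    ip: str
    port: int
    botnets: tuple  # every botnet id seen using this socket


def c2_indicators(configs):
    """Collapse configs by C2 endpoint. Both botnets here share one socket,
    so one network rule is enough for both."""
    by_endpoint = {}
    for cfg in configs:
        host, port = cfg["c2"].rsplit(":", 1)
        ipaddress.ip_address(host)  # raises if the C2 is a hostname, keep the example strict
        by_endpoint.setdefault((host, int(port)), []).append(cfg["botnet"])
    return [C2Indicator(h, p, tuple(sorted(b)))
            for (h, p), b in sorted(by_endpoint.items())]


def suricata_rule(ind, sid):
    """Suricata rule on the C2 socket. sid is an arbitrary local number (assumption)."""
    names = "/".join(ind.botnets)
    return (f'alert tcp $HOME_NET any -> {ind.ip} {ind.port} '
            f'(msg:"RedLine C2 {names}"; flow:to_server,established; '
            f'reference:sha256,{SAMPLE_SHA256}; classtype:trojan-activity; '
            f'sid:{sid}; rev:1;)')


# Constructed Zeek conn.log-style lines (tab separated:
# ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto). Not real traffic.
ZEEK_CONN_SAMPLE = """\
1731283200.10\tCxA1\t10.0.0.15\t51422\t185.161.248.73\t4164\ttcp
1731283201.22\tCxA2\t10.0.0.15\t51423\t142.250.74.78\t443\ttcp
1731283202.43\tCxA3\t10.0.0.22\t49201\t185.161.248.73\t443\ttcp
1731283203.57\tCxA4\t10.0.0.31\t60012\t185.161.248.73\t4164\ttcp
"""


def match_conn_log(text, indicators):
    """Return (uid, src, dst:port) for every TCP flow to a known C2 socket.
    The port is part of the match: the same host on 443 is not a hit for this config."""
    wanted = {(i.ip, i.port) for i in indicators}
    hits = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        _ts, uid, src, _sport, dst, dport, proto = line.split("\t")
        if proto == "tcp" and (dst, int(dport)) in wanted:
            hits.append((uid, src, f"{dst}:{dport}"))
    return hits


# Constructed EDR process-creation events (hostnames and paths are invented).
EDR_EVENTS_SAMPLE = [
    {"host": "WS-015", "image": r"C:\Users\u\AppData\Local\Temp\setup.exe",
     "sha256": SAMPLE_SHA256},
    {"host": "WS-022", "image": r"C:\Windows\System32\svchost.exe",
     "sha256": "ab" * 32},
]


def match_hashes(events, sha256_iocs):
    """Return (host, image) for every event whose SHA256 is a known sample hash."""
    wanted = {h.lower() for h in sha256_iocs}
    return [(e["host"], e["image"]) for e in events if e["sha256"].lower() in wanted]


if __name__ == "__main__":
    inds = c2_indicators(EXTRACTED_CONFIGS)
    for i, ind in enumerate(inds, start=1):
        print(suricata_rule(ind, 1000000 + i))
    print("C2 flows:", match_conn_log(ZEEK_CONN_SAMPLE, inds))
    print("hash hits:", match_hashes(EDR_EVENTS_SAMPLE, {SAMPLE_SHA256}))
```

Matching on the full ip:port pair rather than the IP alone keeps the rule tied to what the config actually states; widen it to the bare IP only if you have separate evidence that the host serves other RedLine ports. The auth_value is a per-build token sent inside the RedLine protocol, so it is not useful as a network indicator on its own but is worth keeping in the case notes to distinguish the two builds.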

Targets

    • Target

      4afb5064403ce5b899a7d996a743b1e8c8b75fb64f614c285714861d1a2c6c86

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely used as a geofence to avoid running on hosts in certain countries.

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15
