General

  • Target

    f8eb2310a760caf26849a87a66ff89d58f7d21245bc549023e6470ce397f44f9.exe

  • Size

    530KB

  • Sample

    241111-bt13sazdkh

  • MD5

    cf602786174778595e9e29b905727653

  • SHA1

    6bd110b04e9427360b9ee9e8e5a064a06db1a554

  • SHA256

    f8eb2310a760caf26849a87a66ff89d58f7d21245bc549023e6470ce397f44f9

  • SHA512

    2fd64a5e16d2412cdb5cae375b521fe9f84138e19583996ba05b2fdabb102180a7243fc8507881c9f2ff36d9e84ea8fac08eedf6b712eb23b684e29e44b74a15

  • SSDEEP

    12288:GlcaxRaNnn6mbtR50wisMIw1nefXIf107:PSenpRPisFwMQO7

Malware Config

Extracted

Family

redline

Botnet

gena

C2

185.161.248.73:4164

Attributes
  • auth_value

    d05bf43eef533e262271449829751d07

Targets

    • Target

      f8eb2310a760caf26849a87a66ff89d58f7d21245bc549023e6470ce397f44f9.exe

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks
