General

  • Target

    b4038ccfae24f669bc0e857e5f0d993f7f516a004db4255e35e61eaecb7b0e1fN

  • Size

    414KB

  • Sample

    241111-cbemhazglb

  • MD5

    821a211a93ab6fc493da0ce159e4cc00

  • SHA1

    980945a5a5dd106686c0a736ff93ee03458d79f3

  • SHA256

    b4038ccfae24f669bc0e857e5f0d993f7f516a004db4255e35e61eaecb7b0e1f

  • SHA512

    79c23cceb316f07a6f8fde9a2c27fb50ed1eedfe4c3840eb47b62086e7d8913b5b6a3e060000ac38a9b92e3b4a3ee61dd744b8141506bb67a265977c99f00c98

  • SSDEEP

    6144:KL2Oup5EQm3D92bud3mKFBBbNsCNqYZui332NUbR4LiuUxuwCsq+ZX+NXiSbqhIT:K5zQmTou9mKVbzb73GU1rdEUuaY

Malware Config

Extracted

Family

redline

Botnet

norm

C2

77.91.124.145:4125

Attributes

  • auth_value

    1514e6c0ec3d10a36f68f61b206f5759
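The extracted configuration above (C2 endpoint, botnet tag and auth_value) is what a practitioner would fold into hunting. The following is an added example, not part of the sandbox report: it verifies a file's hashes against the values listed under General and scans Sysmon network-connection records for the extracted C2. The log lines are constructed for the example, not taken from the sandbox run, and the key=value event format is an assumption about how the Sysmon events were exported.

```python
"""IOC matching for the RedLine sample in this report (added example).

Checks a file against the report's hashes and scans Sysmon Event ID 3
records for connections to the extracted C2. Sample events are constructed.
"""
import hashlib
import re

# Indicators copied verbatim from the report above.
REPORT_HASHES = {
    "md5": "821a211a93ab6fc493da0ce159e4cc00",
    "sha1": "980945a5a5dd106686c0a736ff93ee03458d79f3",
    "sha256": "b4038ccfae24f669bc0e857e5f0d993f7f516a004db4255e35e61eaecb7b0e1f",
    "sha512": "79c23cceb316f07a6f8fde9a2c27fb50ed1eedfe4c3840eb47b62086e7d8913b"
              "5b6a3e060000ac38a9b92e3b4a3ee61dd744b8141506bb67a265977c99f00c98",
}
REDLINE_CONFIG = {
    "family": "redline",
    "botnet": "norm",
    "c2_ip": "77.91.124.145",
    "c2_port": 4125,
    "auth_value": "1514e6c0ec3d10a36f68f61b206f5759",
}


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256/sha512 hex digests of data.
    SSDEEP needs a third-party package (ssdeep/ppdeep) and is omitted."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def hash_file(path: str) -> dict:
    """Hash a file on disk in chunks so large samples do not sit in memory."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matches_report(digests: dict) -> bool:
    """True only if every listed digest matches. Requiring all of them means a
    single weak-hash collision (e.g. MD5) cannot produce a false positive."""
    return all(digests.get(k, "").lower() == v for k, v in REPORT_HASHES.items())


# Constructed Sysmon Event ID 3 (network connection) records in an assumed
# key=value export format; the second one is the C2 from the extracted config.
SAMPLE_EVENTS = [
    "EventID=3 Image=C:\\Windows\\System32\\svchost.exe "
    "DestinationIp=13.107.4.50 DestinationPort=443",
    "EventID=3 Image=C:\\Users\\Public\\b4038ccf.exe "
    "DestinationIp=77.91.124.145 DestinationPort=4125",
    "EventID=3 Image=C:\\Users\\Public\\b4038ccf.exe "
    "DestinationIp=77.91.124.145 DestinationPort=80",
]

_DEST = re.compile(r"DestinationIp=(?P<ip>[0-9.]+)\s+DestinationPort=(?P<port>\d+)")


def find_c2_connections(lines, ip_only: bool = False) -> list:
    """Return the event lines whose destination is the configured C2.

    By default the match is on ip AND port. With ip_only=True any port on the
    C2 host is flagged, which is the safer choice when hunting after the fact,
    since only the IP:port pair from this one sample is known."""
    hits = []
    for line in lines:
        m = _DEST.search(line)
        if not m:
            continue
        if m.group("ip") != REDLINE_CONFIG["c2_ip"]:
            continue
        if ip_only or int(m.group("port")) == REDLINE_CONFIG["c2_port"]:
            hits.append(line)
    return hits


if __name__ == "__main__":
    for hit in find_c2_connections(SAMPLE_EVENTS):
        print("C2 contact:", hit)
    print("report hashes self-check:", matches_report(dict(REPORT_HASHES)))
```

The botnet tag and auth_value are not network-observable, but they are the fields to pivot on when clustering other RedLine configs against this one; the C2 pair is the only indicator the network layer can see.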

Targets

    • Target

      b4038ccfae24f669bc0e857e5f0d993f7f516a004db4255e35e61eaecb7b0e1fN

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks