General

  • Target: e2daa800d503bbdd75fcef259c167081bac12248fde0bac32f69e5d2a0a5db33N
  • Size: 529KB
  • Sample: 241111-cqvx2azkdz
  • MD5: b938504dec24c4ca39cb1bca0395fa30
  • SHA1: 1c74c9b77c81712efb050940312ee1293bf6c2a4
  • SHA256: e2daa800d503bbdd75fcef259c167081bac12248fde0bac32f69e5d2a0a5db33
  • SHA512: 895289e434b9bd5761a717078b50b69db6cb7d0dd27e33c3916c270ecc98bcd45cfeb3770892a7c3b686d5606ba9dc3382568703ccc31e5e238fba8fcda9b605
  • SSDEEP: 6144:IJAC5jLlDAcnqaBnhm7FwmacsuMsZG1e2euwL9NLF/HSHEDNITlz8SUEZvz9SvCQ:GACXlB87FovH7fwLDBweChcEZvzgCFS

Malware Config

Extracted

  • Family: redline
  • Botnet: gena
  • C2: 185.161.248.73:4164

Attributes

  • auth_value: d05bf43eef533e262271449829751d07

Targets

    • Target: e2daa800d503bbdd75fcef259c167081bac12248fde0bac32f69e5d2a0a5db33N

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks