General

  • Target

    6aff4c2becaf24ab6e1d9bffe05aaf67020a7cfc3c77e7f576efccd11cfaaf49

  • Size

    891KB

  • Sample

    241111-ermn6awlbq

  • MD5

    84211f0f1a11df3f903213c052324eea

  • SHA1

    fe225315d84fd4babce4f60c5eb30dbbc65415fe

  • SHA256

    6aff4c2becaf24ab6e1d9bffe05aaf67020a7cfc3c77e7f576efccd11cfaaf49

  • SHA512

    66d5004301720a463c819715b58a265b7f34880a012676e18775175223224d2457a701aa4a340c4ba539f247d5043b6acb1d8af8ee033c8a8a93d456980a5226

  • SSDEEP

    24576:SycJKnl203RFx8XnkRycKiA/J0MKHuzH84YQFQyI5er:5cJAfPx8XkTRMhc4uyP

Malware Config

Extracted

Family

redline

Botnet

gena

C2

185.161.248.73:4164

Attributes

  • auth_value

    d05bf43eef533e262271449829751d07

Extracted

Family

redline

Botnet

dante

C2

185.161.248.73:4164

Attributes

  • auth_value

    f4066af6b8a6f23125c8ee48288a3f90

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks