General

  • Target

    eb5d46c0a41292c608b141d3e69f30056783ef4c74981c0991569cf4623ecb67

  • Size

    1.5MB

  • Sample

    241111-gvx1eavakl

  • MD5

    8fb7e3c010447acdb646dc1f880b3cc9

  • SHA1

    b430ae10b7b154f72a1e5fe575f981b3cbafce3a

  • SHA256

    eb5d46c0a41292c608b141d3e69f30056783ef4c74981c0991569cf4623ecb67

  • SHA512

    a023d7c449863fb71f1ba5421d43724bea45b613f7ab219574f631e15a59e824f02f70e0fcc5c0a272bda91b71d76223acca0fbcbc4146c93f0e06ce1d7880bb

  • SSDEEP

    24576:YyzTAHlDPygIawtyvMpMvRF5MJ1TWxi4/9Jb/P7MJY2ibq2vbFBVgii1YmDkD:f4Fj5IaYQveJtQimX4idbzvGNHD

Malware Config

Extracted

Family

redline

Botnet

most

C2

185.161.248.73:4164

Attributes
  • auth_value

    7da4dfa153f2919e617aa016f7c36008

Targets

    • Target

      eb5d46c0a41292c608b141d3e69f30056783ef4c74981c0991569cf4623ecb67

    • RedLine

      RedLine Stealer is an information-stealing malware family written in C# (.NET), first observed in early 2020. It harvests saved browser credentials, cookies, autofill data and cryptocurrency wallet files from the infected host and sends them to the C2 host:port carried in its embedded configuration (here 185.161.248.73:4164).

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Adds Run key to start application
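
The extracted config above (family, botnet, C2, auth_value) and the two behavioural signatures (dropped EXE execution, Run key persistence) are the parts of this report an analyst actually operationalises. The following Python is an added example, not code from the sandbox, from this page, or from any RedLine tooling: it turns the report's C2 indicator into a Suricata rule, matches it against Zeek-style conn.log lines, and flags the Run-key write pattern in Sysmon Event ID 13 records. The log lines, Sysmon events, Suricata sid and function names are constructed assumptions for illustration; only the indicator values are taken from the report.

```python
"""Detection checks built from this report's extracted RedLine config and
behavioural signatures, run over constructed sample telemetry.

Added example, not code from the sandbox or from this page. The Zeek-style
conn.log lines and the Sysmon Event ID 13 registry events below are
constructed for illustration; only the indicator values come from the report.
"""
import ipaddress
import re

# Indicators copied from the report's "Malware Config" section.
REDLINE_CONFIG = {
    "family": "redline",
    "botnet": "most",
    "c2": "185.161.248.73:4164",
    "auth_value": "7da4dfa153f2919e617aa016f7c36008",
}


def parse_c2(c2):
    """Split 'host:port' into (ip, port); raises ValueError on a bad IP or port."""
    host, _, port = c2.rpartition(":")
    ipaddress.ip_address(host)  # validates the address, raises ValueError otherwise
    return host, int(port)


def suricata_rule(config, sid=1000001):
    """Emit a Suricata-style rule for client traffic to the C2 host:port.
    The sid is an assumed local-rule number, not one from any ruleset."""
    host, port = parse_c2(config["c2"])
    msg = f"{config['family']} C2 {host}:{port} (botnet {config['botnet']})"
    return (f'alert tcp $HOME_NET any -> {host} {port} '
            f'(msg:"{msg}"; flow:to_server,established; '
            f'classtype:trojan-activity; sid:{sid}; rev:1;)')


# Constructed, simplified Zeek conn.log (tab-separated):
# ts  uid  id.orig_h  id.orig_p  id.resp_h  id.resp_p  proto
CONN_LOG = """\
1731300001.1\tCabc1\t10.0.0.5\t51234\t142.250.72.14\t443\ttcp
1731300002.7\tCdef2\t10.0.0.5\t51235\t185.161.248.73\t4164\ttcp
1731300003.2\tCghi3\t10.0.0.9\t51240\t185.161.248.73\t80\ttcp
"""


def match_conn_log(log_text, config):
    """Return uids of connections whose responder is exactly the C2 host:port.
    The port is checked too: the same host on another port is a different
    indicator and would need separate justification before alerting."""
    host, port = parse_c2(config["c2"])
    hits = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split("\t")
        if fields[4] == host and int(fields[5]) == port:
            hits.append(fields[1])
    return hits


# Constructed Sysmon Event ID 13 (RegistryEvent, value set) records.
SYSMON_EVENTS = [
    {"EventID": 13,
     "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\SYSTEM\CurrentControlSet\Services\Dhcp\Parameters\Foo",
     "Details": "1"},
    {"EventID": 13,
     "Image": r"C:\Users\user\AppData\Local\Temp\updater.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\user\AppData\Local\Temp\updater.exe"},
]

RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
USER_WRITABLE_RE = re.compile(r"^C:\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)


def is_run_key_persistence(event):
    """Flag a value written under a Run/RunOnce key whose data points at a
    user-writable path: the 'Adds Run key to start application' behaviour
    as it shows up in registry telemetry."""
    if event.get("EventID") != 13:
        return False
    if not RUN_KEY_RE.search(event.get("TargetObject", "")):
        return False
    return bool(USER_WRITABLE_RE.match(event.get("Details", "")))


if __name__ == "__main__":
    print(suricata_rule(REDLINE_CONFIG))
    print("C2 hits:", match_conn_log(CONN_LOG, REDLINE_CONFIG))
    for ev in SYSMON_EVENTS:
        print("run-key persistence:", is_run_key_persistence(ev), ev["TargetObject"])
```

The Run-key check deliberately requires the value data to point into a user profile path; a Run value pointing at a Program Files binary is common and benign, whereas a freshly dropped EXE under AppData registering itself is the pattern the "Executes dropped EXE" and "Adds Run key" signatures describe together.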

MITRE ATT&CK Enterprise v15

Tasks