General

  • Target

    8dc008f95257bc8aa58e9c32d47b71787f84d0ad71dd00123a79003ccccc19d5

  • Size

    850KB

  • Sample

    241111-h9vz2avhlr

  • MD5

    70a959aa1460e9704c432efe96be5a89

  • SHA1

    14ae237603efe0e5a0a5083bbb1b32ecca50fe44

  • SHA256

    8dc008f95257bc8aa58e9c32d47b71787f84d0ad71dd00123a79003ccccc19d5

  • SHA512

    e081e7cab3d4f6fbaecc796ca3aa63b5bf1a34ed9384bb7bb5147aa340320c424824a9dfafc618cffe9f5cf634239701a775be55b0955c45dd89e8f8d832c1ab

  • SSDEEP

    12288:8y90q9IO2fsXUhXDgux1BkFezWeLd+snT2AZFOgU39Xee7U+5yeMtaDpomcrS/:8y99IO20Uh7xfssSVS4Us39

Malware Config

Extracted

Family

redline

Botnet

gena

C2

185.161.248.73:4164

Attributes
  • auth_value

    d05bf43eef533e262271449829751d07

Extracted

Family

redline

Botnet

dante

C2

185.161.248.73:4164

Attributes
  • auth_value

    f4066af6b8a6f23125c8ee48288a3f90
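Both extracted configs point at the same C2 endpoint, 185.161.248.73:4164, and differ only in botnet tag and auth_value. The following Python script is an added example, not part of this report or of RedLine: it turns that endpoint into a network indicator, matches connection records against it, and emits a Suricata-style alert rule. The connection records are constructed for illustration, and the rule sid range is an assumption.

```python
"""Flag connections to the RedLine C2 extracted from this sample.

Added example, not part of the sandbox report or of RedLine itself. The only
real indicators are the C2 185.161.248.73:4164 and the botnet tags gena and
dante from the two extracted configs; the connection records below are
constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass

# (dst_ip, dst_port) -> botnet tags, taken from the report's Malware Config.
REDLINE_C2 = {
    ("185.161.248.73", 4164): ("gena", "dante"),
}

# Constructed records: "ts src_ip src_port dst_ip dst_port proto".
SAMPLE_CONN_LOG = """\
1731313215.100 10.0.0.12 51234 142.250.74.46 443 tcp
1731313216.402 10.0.0.12 51240 185.161.248.73 4164 tcp
1731313218.777 10.0.0.12 51242 185.161.248.73 443 tcp
1731313220.010 10.0.0.12 51250 185.161.248.73 4164 tcp
this line is malformed and must be skipped
"""


@dataclass
class Hit:
    ts: float
    src: str
    dst: str
    dport: int
    # "c2" for an exact ip:port match, "same-host" for the C2 IP on another port
    confidence: str
    botnets: tuple = ()


def parse_conn_line(line):
    """Return (ts, src, dst, dport) or None for lines that do not parse."""
    parts = line.split()
    if len(parts) != 6:
        return None
    try:
        return (
            float(parts[0]),
            str(ipaddress.ip_address(parts[1])),
            str(ipaddress.ip_address(parts[3])),
            int(parts[4]),
        )
    except ValueError:
        return None


def find_c2_hits(log_text, indicators=REDLINE_C2):
    """Match every record against the C2 list.

    An exact ip:port match is reported as "c2"; traffic to the C2 address on
    any other port is reported as "same-host" so an analyst can review it
    without it being treated as confirmed beaconing.
    """
    c2_ips = {ip for ip, _ in indicators}
    hits = []
    for line in log_text.splitlines():
        rec = parse_conn_line(line)
        if rec is None:
            continue
        ts, src, dst, dport = rec
        if (dst, dport) in indicators:
            hits.append(Hit(ts, src, dst, dport, "c2", indicators[(dst, dport)]))
        elif dst in c2_ips:
            hits.append(Hit(ts, src, dst, dport, "same-host"))
    return hits


def suricata_rules(indicators=REDLINE_C2, base_sid=1000001):
    """Emit one Suricata/Snort-style alert rule per C2 endpoint.

    The sid range is an assumption; pick one that is free in your ruleset.
    """
    rules = []
    for n, ((ip, port), botnets) in enumerate(sorted(indicators.items())):
        msg = "RedLine C2 %s:%d (%s)" % (ip, port, ", ".join(botnets))
        rules.append(
            'alert tcp $HOME_NET any -> %s %d (msg:"%s"; sid:%d; rev:1;)'
            % (ip, port, msg, base_sid + n)
        )
    return rules


if __name__ == "__main__":
    for h in find_c2_hits(SAMPLE_CONN_LOG):
        print(h)
    print("\n".join(suricata_rules()))
```

The "same-host" tier exists because the report shows a single port; a RedLine operator can move the panel port without changing the address, so traffic to the same IP on another port is worth a look but should not be scored as confirmed C2.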

Targets

    • Target

      8dc008f95257bc8aa58e9c32d47b71787f84d0ad71dd00123a79003ccccc19d5

    • Size

      850KB

    • MD5

      70a959aa1460e9704c432efe96be5a89

    • SHA1

      14ae237603efe0e5a0a5083bbb1b32ecca50fe44

    • SHA256

      8dc008f95257bc8aa58e9c32d47b71787f84d0ad71dd00123a79003ccccc19d5

    • SHA512

      e081e7cab3d4f6fbaecc796ca3aa63b5bf1a34ed9384bb7bb5147aa340320c424824a9dfafc618cffe9f5cf634239701a775be55b0955c45dd89e8f8d832c1ab

    • SSDEEP

      12288:8y90q9IO2fsXUhXDgux1BkFezWeLd+snT2AZFOgU39Xee7U+5yeMtaDpomcrS/:8y99IO20Uh7xfssSVS4Us39

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Adds Run key to start application
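The last two signatures ("Executes dropped EXE", "Adds Run key to start application") describe the usual stealer persistence pattern: a payload written to a user-writable directory and a Run value pointing at it. The report does not give the value name or path, so the following Python script is an added example rather than anything from the report: it parses `reg query` output for the Run key and flags values whose program lives in a location a non-elevated dropper can write to. The registry output and the list of suspicious locations are constructed and assumed respectively.

```python
"""Hunt Run-key persistence of the kind this sample's signatures describe.

Added example, not part of the sandbox report. The report only states that
the sample adds a Run key and executes a dropped EXE; it gives no value name
or path, so the `reg query` output below is constructed, and the list of
user-writable locations treated as suspicious is an assumption.
"""
import re
from dataclasses import dataclass

# Constructed `reg query HKCU\...\Run` output. The Updater and Temp entries
# stand in for a dropped payload; the other two are typical legitimate entries.
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    Updater    REG_SZ    C:\Users\alice\AppData\Roaming\svc\update.exe
    VMware User Process    REG_SZ    "C:\Program Files\VMware\VMware Tools\vmtoolsd.exe" -n vmusr
    Temp    REG_EXPAND_SZ    %TEMP%\build.exe
"""

# Locations a dropper can write without elevation (assumed list; tune it,
# AppData\Local as a whole is left out because many installers use it).
USER_WRITABLE = (
    r"\appdata\roaming",
    r"\appdata\local\temp",
    "%temp%",
    "%appdata%",
    "%localappdata%",
    r"\programdata",
    r"\users\public",
)

# `reg query` separates name, type and data with runs of spaces, so split on
# two or more spaces; this keeps value names that themselves contain a space.
VALUE_LINE = re.compile(r"^\s+(.+?)\s{2,}(REG_\w+)\s{2,}(.*)$")


@dataclass
class RunEntry:
    key: str
    name: str
    kind: str
    data: str
    exe: str
    suspicious: bool


def executable_of(data):
    """Extract the program path from Run value data, quoted or not."""
    data = data.strip()
    if data.startswith('"'):
        end = data.find('"', 1)
        return data[1:end] if end > 0 else data[1:]
    return data.split()[0] if data else ""


def is_user_writable(path):
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def parse_run_entries(reg_output):
    """Parse `reg query` text into RunEntry records, tracking the current key."""
    entries, key = [], None
    for line in reg_output.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if not m or key is None:
            continue
        name, kind, data = m.groups()
        exe = executable_of(data)
        entries.append(RunEntry(key, name, kind, data, exe, is_user_writable(exe)))
    return entries


def suspicious_run_entries(reg_output):
    """Return only the entries whose program sits in a user-writable location."""
    return [e for e in parse_run_entries(reg_output) if e.suspicious]


if __name__ == "__main__":
    for e in suspicious_run_entries(SAMPLE_REG_QUERY):
        print(e.key, e.name, "->", e.exe)
```

Feed it the output of `reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Run"` (and the HKLM equivalent) from the host under investigation; a hit is a lead to hash the referenced file and compare it against the SHA256 in the General section, not proof on its own.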

MITRE ATT&CK Enterprise v15

Tasks