General

  • Target: c2cc823a0df092c7fce7fcbe4c8f824591f2d9fcff544777e4968d74f3d28d13
  • Size: 866KB
  • Sample: 241111-he4zfsvglc
  • MD5: 170f9e86d0832e1cbd4e48c6690d04da
  • SHA1: cebc0eb4d0197c01874cb1386a74f6de573df06e
  • SHA256: c2cc823a0df092c7fce7fcbe4c8f824591f2d9fcff544777e4968d74f3d28d13
  • SHA512: b202e85dd3d3566489e34413b2719d63adb1d7e13d2c5783bccca0dfa7ae1d30f729a0d701470d904a7d4fb43f295b40bdfd9ad7aaf1dafb024986d53894b316
  • SSDEEP: 24576:gyr9F0MZ+KXdP/P1cgSRP5q3EMrKpp5vBzymvUAr3:nDVlRHm/RPkEMUpW2

Malware Config

Extracted

  • Family: redline
  • Botnet: gena
  • C2: 185.161.248.73:4164
  • Attributes
    • auth_value: d05bf43eef533e262271449829751d07

Extracted

  • Family: redline
  • Botnet: dark
  • C2: 185.161.248.73:4164
  • Attributes
    • auth_value: ae85b01f66afe8770afeed560513fc2d

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload
    • Redline family
    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE
    • Adds Run key to start application
