General

  • Target: 1283c9da8490d86359fe2d6dd5a7ba189c907d9862745d2d303b692e5d1460f5
  • Size: 889KB
  • Sample: 241111-hfa3rsvdjq
  • MD5: 1d0f7e04609c1ea28deb90aecb2fb230
  • SHA1: 58aeecddc1a52133f294b1f43436f562d1d6a186
  • SHA256: 1283c9da8490d86359fe2d6dd5a7ba189c907d9862745d2d303b692e5d1460f5
  • SHA512: 3e3efb5ec92859ded27167c7c31846340accf3f53d2ebb62e66ad9326c242be3b872c42187b83d973853b7dba2da53173f0bbc6451e2a216856174a45d230742
  • SSDEEP: 24576:Ly8jvu1bo7NPAuOCgow4qZrGzEs2qsm1cat:+8jvuy7NYuOD/HdsEs2qbt

Malware Config

Extracted

  • Family: redline
  • Botnet: gena
  • C2: 185.161.248.73:4164
  • Attributes
    • auth_value: d05bf43eef533e262271449829751d07

Extracted

  • Family: redline
  • Botnet: dork
  • C2: 185.161.248.73:4164
  • Attributes
    • auth_value: e81be7d6cfb453cc812e1b4890eeadad

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks