General

  • Target

    3ce73f36bf5cd57e8f0d0950e83439e4006131c5c91745e31feacbd9872eecee

  • Size

    850KB

  • Sample

    241111-hfj1nstpfz

  • MD5

    8a2bb5ec4cb9e47f3ec00f9c40409950

  • SHA1

    ceb7c660d65959ee4d55630e3e428dc948c475cb

  • SHA256

    3ce73f36bf5cd57e8f0d0950e83439e4006131c5c91745e31feacbd9872eecee

  • SHA512

    8240bdaf7d4f996eb8d85a02a7f1af12a3daadf68c6a86a95167d06b86da4d8378f38c64a2a236d442d0820c2639ff2889f290723a7fb386e3fe137979d622e3

  • SSDEEP

    24576:vyDLPVDOIG+Q11f4zPVTPrd4TZlRDfD4:6DbV6I5Q1UVjWXRDL

Malware Config

Extracted

Family

redline

Botnet

gena

C2

185.161.248.73:4164

Attributes
  • auth_value

    d05bf43eef533e262271449829751d07

Extracted

Family

redline

Botnet

danko

C2

185.161.248.73:4164

Attributes
  • auth_value

    784d42a6c1eb1a5060b8bcd3696f5f1e

Targets

    • Target

      3ce73f36bf5cd57e8f0d0950e83439e4006131c5c91745e31feacbd9872eecee

    • Size

      850KB

    • MD5

      8a2bb5ec4cb9e47f3ec00f9c40409950

    • SHA1

      ceb7c660d65959ee4d55630e3e428dc948c475cb

    • SHA256

      3ce73f36bf5cd57e8f0d0950e83439e4006131c5c91745e31feacbd9872eecee

    • SHA512

      8240bdaf7d4f996eb8d85a02a7f1af12a3daadf68c6a86a95167d06b86da4d8378f38c64a2a236d442d0820c2639ff2889f290723a7fb386e3fe137979d622e3

    • SSDEEP

      24576:vyDLPVDOIG+Q11f4zPVTPrd4TZlRDfD4:6DbV6I5Q1UVjWXRDL

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks