General

  • Target

    7e620c2e24ed7ad30581ba40ff285ce844a62ccb3efef7226cb808fd8dc8b588

  • Size

    1.1MB

  • Sample

    241111-hnxxhatrby

  • MD5

    9df9a4fca937582bc0f3391728c24d9e

  • SHA1

    7061f83a1076d374b631ac9d2b61546135c78b32

  • SHA256

    7e620c2e24ed7ad30581ba40ff285ce844a62ccb3efef7226cb808fd8dc8b588

  • SHA512

    c6cc7b120559a85e9f4dd8d054f9cf939efbf55c37933f549bf387a0d0ce3c0c8410b2ef0aaed4ae1a0ad577424c5e8c3eff8c80f7008e8cdfd0464f890dafad

  • SSDEEP

    24576:YyMAwislcRvZ50AVxqMJqvLHr0yNUeBYHHJ2Mj7:fMgicRH0AVx6vLwypYZ
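The four digests above are what you compare against when deciding whether a file on hand is this sample. The following is an added example, not code from the sandbox or from this report: it computes every digest the report lists in one pass (streaming for large files) and returns a per-algorithm verdict, treating any single mismatch as "different file". The hash values are copied from the report; the stand-in bytes in the `__main__` block are constructed and deliberately do not match.

```python
import hashlib

# Digests as listed in this report for the 1.1MB sample (copied from the report, not constructed).
REPORT_HASHES = {
    "md5": "9df9a4fca937582bc0f3391728c24d9e",
    "sha1": "7061f83a1076d374b631ac9d2b61546135c78b32",
    "sha256": "7e620c2e24ed7ad30581ba40ff285ce844a62ccb3efef7226cb808fd8dc8b588",
    "sha512": "c6cc7b120559a85e9f4dd8d054f9cf939efbf55c37933f549bf387a0d0ce3c0c"
              "8410b2ef0aaed4ae1a0ad577424c5e8c3eff8c80f7008e8cdfd0464f890dafad",
}


def _new_hashers() -> dict:
    # One hasher per algorithm the report lists, so a single read covers all of them.
    return {name: hashlib.new(name) for name in REPORT_HASHES}


def hash_bytes(data: bytes) -> dict:
    """Compute md5/sha1/sha256/sha512 of an in-memory blob."""
    hashers = _new_hashers()
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same digests as hash_bytes, but streamed so a large sample is never fully in memory."""
    hashers = _new_hashers()
    with open(path, "rb") as f:
        while chunk := f.read(chunk_size):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare_to_report(digests: dict) -> dict:
    """Per-algorithm verdict; comparison is case-insensitive because other tooling may emit upper-case hex."""
    return {name: digests.get(name, "").lower() == expected
            for name, expected in REPORT_HASHES.items()}


def is_reported_sample(digests: dict) -> bool:
    """True only when every listed digest agrees; one mismatch means a different or corrupted file."""
    return all(compare_to_report(digests).values())


if __name__ == "__main__":
    # Constructed stand-in: a PE-like prefix, not the real sample, so it must not match.
    fake = b"MZ" + b"\x00" * 62 + b"This program cannot be run in DOS mode."
    print(compare_to_report(hash_bytes(fake)), is_reported_sample(hash_bytes(fake)))
```

Requiring all four digests to agree, rather than just SHA256, costs nothing once the file is already being read and catches a copied-and-pasted wrong hash in a ticket.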

Malware Config

Extracted

Family

redline

Botnet

doma

C2

185.161.248.75:4132

Attributes
  • auth_value

    8be53af7f78567706928d0abef953ef4
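The extracted C2 endpoint is the most directly actionable item in the config: any host in your telemetry that connected to 185.161.248.75:4132 is a RedLine victim until proven otherwise. The following is an added example, not part of the report or the sandbox's code: it parses the C2 string as reported, then scans a Zeek-style conn.log for flows to that endpoint. The config values are copied from this report; the log lines, internal hosts and Zeek UIDs are constructed for the example. The `ip_only` switch is an assumption about how you might want to hunt (any port on the C2 address) versus alert (exact tuple only).

```python
import ipaddress
from dataclasses import dataclass

# Extracted configuration as given in this report (copied, not constructed).
REDLINE_CONFIG = {
    "family": "redline",
    "botnet": "doma",
    "c2": "185.161.248.75:4132",
    "auth_value": "8be53af7f78567706928d0abef953ef4",
}


@dataclass(frozen=True)
class C2Endpoint:
    ip: str
    port: int


def parse_c2(value: str) -> C2Endpoint:
    """Split the reported 'ip:port' string; reject hostnames, junk and out-of-range ports."""
    host, sep, port = value.rpartition(":")
    if not sep or not port.isdigit():
        raise ValueError(f"malformed C2 string: {value!r}")
    ipaddress.ip_address(host)            # raises ValueError unless host is a literal IP
    port_num = int(port)
    if not 0 < port_num < 65536:
        raise ValueError(f"port out of range: {port_num}")
    return C2Endpoint(host, port_num)


# Constructed Zeek conn.log excerpt (hypothetical internal hosts and UIDs; only the
# 185.161.248.75:4132 tuple comes from the report). Columns are tab-separated.
SAMPLE_CONN_LOG = "\n".join([
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto",
    "1731300000.1\tCabc1\t10.0.0.15\t49712\t185.161.248.75\t4132\ttcp",
    "1731300001.2\tCabc2\t10.0.0.15\t49713\t185.161.248.75\t443\ttcp",
    "1731300002.3\tCabc3\t10.0.0.22\t49714\t203.0.113.10\t443\ttcp",
    "1731300003.4\tCabc4\t10.0.0.31\t51002\t185.161.248.75\t4132\ttcp",
])


def find_c2_connections(log_text: str, endpoint: C2Endpoint, ip_only: bool = False) -> list:
    """Return each flow whose responder is the reported C2.

    ip_only=False matches the exact ip:port (low false-positive alerting);
    ip_only=True matches any port on the C2 address (broader hunting).
    """
    hits = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue                      # skip Zeek header/comment lines
        fields = line.split("\t")
        if len(fields) < 7:
            continue                      # truncated record, not worth guessing at
        ts, uid, orig_h, orig_p, resp_h, resp_p, proto = fields[:7]
        if resp_h != endpoint.ip:
            continue
        if not ip_only and not (resp_p.isdigit() and int(resp_p) == endpoint.port):
            continue
        hits.append({"ts": ts, "uid": uid, "src": f"{orig_h}:{orig_p}",
                     "dst": f"{resp_h}:{resp_p}", "proto": proto})
    return hits


def infected_hosts(log_text: str, endpoint: C2Endpoint) -> set:
    """Distinct internal source addresses that reached the exact C2 tuple."""
    return {hit["src"].rsplit(":", 1)[0] for hit in find_c2_connections(log_text, endpoint)}


if __name__ == "__main__":
    c2 = parse_c2(REDLINE_CONFIG["c2"])
    for hit in find_c2_connections(SAMPLE_CONN_LOG, c2):
        print(hit)
    print("hosts to contain:", sorted(infected_hosts(SAMPLE_CONN_LOG, c2)))
```

The parser refuses hostnames on purpose: this report's config is an IP literal, and silently accepting a hostname would make the later string comparison against `id.resp_h` quietly match nothing.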

Targets

    • Target

      7e620c2e24ed7ad30581ba40ff285ce844a62ccb3efef7226cb808fd8dc8b588

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application
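"Adds Run key to start application" is the persistence behaviour the sandbox observed: the sample writes a value under a CurrentVersion\Run key so its payload is launched at logon. The following is an added example, not the sandbox's detection logic: it walks Sysmon Event ID 13 (registry value set) records, extracts every Run/RunOnce value written, and flags those whose target executable or writing process lives in a user-writable directory. The event records, SIDs and paths are constructed; the "user-writable directory" heuristic is an assumption about what is typical for this family's droppers, not a rule taken from the report.

```python
import re

# Constructed Sysmon Event ID 13 records, shaped as a SIEM would hand them over.
# Paths, SID and process names are hypothetical; only the behaviour (a dropped EXE
# registering a Run value) follows this report's signatures.
SAMPLE_EVENTS = [
    {"EventID": 13,
     "Image": r"C:\Users\victim\AppData\Local\Temp\sample.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\victim\AppData\Roaming\Updater\updater.exe"},
    {"EventID": 13,
     "Image": r"C:\Program Files\Vendor\installer.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorTray",
     "Details": r"C:\Program Files\Vendor\tray.exe"},
    {"EventID": 13,
     "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]

# Run and RunOnce under either the native or the Wow6432Node view; the value name is the last path element.
RUN_KEY_RE = re.compile(
    r"\\Software\\(?:Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\(?:Run|RunOnce)\\(?P<name>[^\\]+)$",
    re.IGNORECASE,
)

# Heuristic (assumption): locations a standard user can write to, where droppers usually stage payloads.
USER_WRITABLE_RE = re.compile(
    r"^[a-z]:\\(?:Users\\[^\\]+\\(?:AppData|Downloads|Desktop)|ProgramData|Windows\\Temp)\\",
    re.IGNORECASE,
)


def is_run_key(target_object: str) -> bool:
    return RUN_KEY_RE.search(target_object) is not None


def _command_path(details: str) -> str:
    # Run values are either a bare path or a quoted path followed by arguments; keep only the path part.
    if details.startswith('"'):
        return details[1:].split('"', 1)[0]
    return details


def find_run_key_persistence(events: list) -> list:
    """Return one finding per Run/RunOnce value set, with a suspicion flag for user-writable locations."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 13:
            continue
        target = ev.get("TargetObject", "")
        m = RUN_KEY_RE.search(target)
        if not m:
            continue
        command = ev.get("Details", "")
        writer = ev.get("Image", "")
        suspicious = bool(USER_WRITABLE_RE.match(_command_path(command))) or bool(USER_WRITABLE_RE.match(writer))
        findings.append({
            "hive": target.split("\\", 1)[0],   # HKU (per-user) or HKLM (machine-wide)
            "value_name": m.group("name"),
            "command": command,
            "writer": writer,
            "suspicious": suspicious,
        })
    return findings


if __name__ == "__main__":
    for finding in find_run_key_persistence(SAMPLE_EVENTS):
        print(finding)
```

The flag is deliberately a triage hint rather than a verdict: legitimate software also registers Run values, so the finding should be joined with the process tree (here, a writer executing from Temp) before it becomes an alert.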

MITRE ATT&CK Enterprise v15
