General

  • Target

    ee41a5407e35ff6626eaffcf8a9e8bf2ab4b6c81a2427dbf82286088028be479N

  • Size

    582KB

  • Sample

    241111-hts6hawamd

  • MD5

    15bee7e56d8fbf1f58546151f37d6d10

  • SHA1

    b363110aebb9f1329060f1d284f44aeba76ad1fb

  • SHA256

    ee41a5407e35ff6626eaffcf8a9e8bf2ab4b6c81a2427dbf82286088028be479

  • SHA512

    f9d1dc768901e12f6265c4b22b42ef1ed8eb3555e5b817985cc739bbbac6cb43ea7cc66d1eca01883fa33c261997840100d939053994f1d35809684f3f8f09cf

  • SSDEEP

    6144:GbDNNczW2qCEFgk47EOfTeEgQUEEQhRvC9Z14kvcUUM4unsWfbPb7nwifkeffq:GbDfczW2WFLHQvra1DkN0rbPIWkef

Malware Config

Extracted

Family

redline

Botnet

gena

C2

185.161.248.73:4164

Attributes
  • auth_value

    d05bf43eef533e262271449829751d07

Targets

    • Target

      ee41a5407e35ff6626eaffcf8a9e8bf2ab4b6c81a2427dbf82286088028be479N

    • Size

      582KB

    • MD5

      15bee7e56d8fbf1f58546151f37d6d10

    • SHA1

      b363110aebb9f1329060f1d284f44aeba76ad1fb

    • SHA256

      ee41a5407e35ff6626eaffcf8a9e8bf2ab4b6c81a2427dbf82286088028be479

    • SHA512

      f9d1dc768901e12f6265c4b22b42ef1ed8eb3555e5b817985cc739bbbac6cb43ea7cc66d1eca01883fa33c261997840100d939053994f1d35809684f3f8f09cf

    • SSDEEP

      6144:GbDNNczW2qCEFgk47EOfTeEgQUEEQhRvC9Z14kvcUUM4unsWfbPb7nwifkeffq:GbDfczW2WFLHQvra1DkN0rbPIWkef

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks