General

  • Target

    ad3930e087caf238fec1c5dfac2659a58254929bd3f21ae3be0cf647375d2a4d

  • Size

    890KB

  • Sample

    241111-kxa57sxajq

  • MD5

    f5e6d3506624bb3ef4d21e2dc5489cd5

  • SHA1

    fb164e7168b0e1416765ac400ee48f8c8957e24e

  • SHA256

    ad3930e087caf238fec1c5dfac2659a58254929bd3f21ae3be0cf647375d2a4d

  • SHA512

    603e8998b8afea4b5ac632d03598e9b605e9d1bed87282d93237fcf4c1e908f9beced964641b2eb61dd948e72e69fbe6b6b9d89e4ec53bc6175ff883f6489e48

  • SSDEEP

    24576:xyzVxStZHExnmRbNaZzxVvAIdzos7lpdIsqVCq1:kTuZHExmPOAcJyVC

Malware Config

Extracted

  • Family

    redline

  • Botnet

    gena

  • C2

    185.161.248.73:4164

  • Attributes

    • auth_value

      d05bf43eef533e262271449829751d07

Extracted

  • Family

    redline

  • Botnet

    dante

  • C2

    185.161.248.73:4164

  • Attributes

    • auth_value

      f4066af6b8a6f23125c8ee48288a3f90

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks