General

  • Target: 3994a93685e9c77df5404ad6dfc06c559cb7e2017f6763d6685942ce7cedea73.exe
  • Size: 569KB
  • Sample: 241112-15r2pasepn
  • MD5: a360b55405c1988ea4ed3bd10454be3d
  • SHA1: 98604119d1b77ca2672d92d72a24a4e4974d0fba
  • SHA256: 3994a93685e9c77df5404ad6dfc06c559cb7e2017f6763d6685942ce7cedea73
  • SHA512: 27a1f686d9dc2fcfb07f8bcd35b15e6e9aecfeac1bb629d24c30c82095e2f8ccf8c450d0c408768f825116827ec09d83872717a7a31ad21ce05963d93627d711
  • SSDEEP: 12288:5y90jAmCH4vGgA3Y8FdjPhOKkD0BsKxuL0o5XkOiwk7d5:5yqlCYvnkPhOKfBbVSX/itd5

Malware Config

Extracted

  • Family: redline
  • Botnet: gena
  • C2: 185.161.248.73:4164
  • Attributes
      • auth_value: d05bf43eef533e262271449829751d07

Extracted

  • Family: redline
  • Botnet: dante
  • C2: 185.161.248.73:4164
  • Attributes
      • auth_value: f4066af6b8a6f23125c8ee48288a3f90

Targets

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Redline family
    • Checks computer location settings: looks up the country code configured in the registry, likely as a geofence.
    • Executes dropped EXE
    • Adds Run key to start application
