General

  • Target

    9aa7243931558732b3b7608da1755ef2cf4a5040194011a48fd5384bfa9e55c9

  • Size

    589KB

  • Sample

    241112-bnjljs1frm

  • MD5

    06dde792f3bb213745bed4ff6a1be687

  • SHA1

    2c689775445de07eb1d0ea720971f8a5323aec9d

  • SHA256

    9aa7243931558732b3b7608da1755ef2cf4a5040194011a48fd5384bfa9e55c9

  • SHA512

    3cbaa2f923b26a8d3853b85aaab07f2e226c31228feda98f6bdb4d8567496c091197e24bb05c61bd9257b9052f5c3a546c332566996dd7999735296d97d42a16

  • SSDEEP

    12288:xy90vTRRa+nn6nThR50wqePIqGnezV7hKm7qXiKR2:xy2NnyRPqeQq9zRhKmMU

Malware Config

Extracted

Family

redline

Botnet

gena

C2

185.161.248.73:4164

Attributes
  • auth_value

    d05bf43eef533e262271449829751d07

Extracted

Family

redline

Botnet

dante

C2

185.161.248.73:4164

Attributes
  • auth_value

    f4066af6b8a6f23125c8ee48288a3f90
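Both extracted configs point at the same C2 (185.161.248.73:4164) under two botnet IDs with different auth_value attributes, so the endpoint is the IOC to pivot on and the botnet IDs are campaign labels. The Python below is an added example, not part of the sandbox report: it copies the two configs and the file hashes from this page, collapses the configs into one C2 endpoint, matches that endpoint against a constructed connection log (the log lines and their whitespace-separated "ts src_ip dst_ip dst_port proto" format are assumptions for illustration), and checks a byte string against the reported hashes.

```python
"""IOC handling for the two extracted RedLine configs (added example).

Config values and hashes are copied verbatim from the report; the
connection-log lines and their format are constructed for illustration.
"""
import hashlib
import ipaddress
from dataclasses import dataclass

# Copied from the report's two "Extracted" blocks: same C2, two botnet IDs.
EXTRACTED_CONFIGS = [
    {"family": "redline", "botnet": "gena", "c2": "185.161.248.73:4164",
     "auth_value": "d05bf43eef533e262271449829751d07"},
    {"family": "redline", "botnet": "dante", "c2": "185.161.248.73:4164",
     "auth_value": "f4066af6b8a6f23125c8ee48288a3f90"},
]

# Copied from the report's "General" block.
SAMPLE_HASHES = {
    "md5": "06dde792f3bb213745bed4ff6a1be687",
    "sha1": "2c689775445de07eb1d0ea720971f8a5323aec9d",
    "sha256": "9aa7243931558732b3b7608da1755ef2cf4a5040194011a48fd5384bfa9e55c9",
    "sha512": "3cbaa2f923b26a8d3853b85aaab07f2e226c31228feda98f6bdb4d8567496c091197e24bb05c61bd9257b9052f5c3a546c332566996dd7999735296d97d42a16",
}

# Constructed log lines (not from the report): ts src_ip dst_ip dst_port proto
SAMPLE_CONN_LOG = [
    "2024-11-12T08:01:03Z 10.0.0.15 185.161.248.73 4164 tcp",
    "2024-11-12T08:01:05Z 10.0.0.15 142.250.74.78 443 tcp",
    "2024-11-12T08:01:09Z 10.0.0.22 185.161.248.73 443 tcp",   # same IP, other port
    "malformed line",
    "2024-11-12T08:02:41Z 10.0.0.15 185.161.248.73 4164 tcp",
]


@dataclass(frozen=True)
class C2Endpoint:
    ip: str
    port: int
    botnets: tuple  # every botnet ID observed using this endpoint


def parse_c2(value: str) -> tuple:
    """Split 'ip:port' and validate both halves; raises ValueError on junk."""
    host, _, port_s = value.rpartition(":")
    ip = str(ipaddress.ip_address(host.strip("[]")))  # normalises, rejects non-IPs
    port = int(port_s)
    if not 0 < port < 65536:
        raise ValueError(f"port out of range: {port}")
    return ip, port


def c2_endpoints(configs) -> list:
    """Collapse configs that share a C2 into one endpoint, keeping all botnet IDs."""
    seen = {}
    for cfg in configs:
        seen.setdefault(parse_c2(cfg["c2"]), []).append(cfg["botnet"])
    return [C2Endpoint(ip, port, tuple(b)) for (ip, port), b in seen.items()]


def match_connections(log_lines, endpoints) -> list:
    """Return the log lines whose destination ip:port hits a known C2."""
    wanted = {(e.ip, e.port) for e in endpoints}
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 5:
            continue  # skip lines that do not fit the constructed format
        try:
            key = (str(ipaddress.ip_address(parts[2])), int(parts[3]))
        except ValueError:
            continue
        if key in wanted:
            hits.append(line)
    return hits


def hash_bytes(data: bytes) -> dict:
    """Digest the data with every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def matches_sample(data: bytes, expected=SAMPLE_HASHES) -> dict:
    """Per-algorithm comparison against the reported hashes (all must agree)."""
    got = hash_bytes(data)
    return {name: got[name] == expected[name] for name in expected}


if __name__ == "__main__":
    eps = c2_endpoints(EXTRACTED_CONFIGS)
    for ep in eps:
        print(f"C2 {ep.ip}:{ep.port} used by botnets {', '.join(ep.botnets)}")
    for hit in match_connections(SAMPLE_CONN_LOG, eps):
        print("C2 beacon:", hit)
```

The matcher keys on (ip, port) rather than on the bare IP so that unrelated traffic to the same host on another port is not flagged; when hunting more broadly, drop the port from the key and accept the extra noise deliberately.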

Targets

    • Target

      9aa7243931558732b3b7608da1755ef2cf4a5040194011a48fd5384bfa9e55c9

    • Size

      589KB

    • MD5

      06dde792f3bb213745bed4ff6a1be687

    • SHA1

      2c689775445de07eb1d0ea720971f8a5323aec9d

    • SHA256

      9aa7243931558732b3b7608da1755ef2cf4a5040194011a48fd5384bfa9e55c9

    • SHA512

      3cbaa2f923b26a8d3853b85aaab07f2e226c31228feda98f6bdb4d8567496c091197e24bb05c61bd9257b9052f5c3a546c332566996dd7999735296d97d42a16

    • SSDEEP

      12288:xy90vTRRa+nn6nThR50wqePIqGnezV7hKm7qXiKR2:xy2NnyRPqeQq9zRhKmMU

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Adds Run key to start application
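The report records that the sample persists through a Run key but does not name the value or the path it points to. The Python below is an added example, not part of the report: it parses a constructed .reg export (the Windows "Registry Editor Version 5.00" text format) for entries under the HKCU and HKLM Run keys and flags those whose image lives under a user-writable root. The export contents and the list of user-writable roots are assumptions for illustration; the roots are a triage heuristic, not something the report specifies.

```python
"""Hunt Run-key persistence in a .reg export (added example, not from the report).

The export text is constructed; USER_WRITABLE_ROOTS is a triage heuristic.
"""
import re

RUN_KEYS = (
    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
    "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",
)

# Heuristic: commodity stealers drop their copy somewhere the user can write.
USER_WRITABLE_ROOTS = (
    "\\appdata\\local\\temp\\",
    "\\appdata\\roaming\\",
    "\\users\\public\\",
    "\\programdata\\",
)

# Constructed export: one benign HKCU entry, one dropper in %TEMP%, one HKLM entry.
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"Updater"="C:\\Users\\alice\\AppData\\Local\\Temp\\updater.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ShellState"=hex:24,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\system32\\SecurityHealthSystray.exe"
'''

# "name"="value" where both sides may contain \" and \\ escapes (REG_SZ only).
REG_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')


def _unescape(s: str) -> str:
    """Undo .reg string escaping: \\" -> " and \\\\ -> \\."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg_export(text: str) -> dict:
    """Return {key_path: {value_name: string_value}}; non-string values are skipped."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = REG_VALUE.match(line)
        if current is not None and m:
            keys[current][_unescape(m.group(1))] = _unescape(m.group(2))
    return keys


def image_path(command: str) -> str:
    """Pull the executable path out of a Run value's command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def suspicious_run_entries(text: str) -> list:
    """(hive, value_name, image_path) for Run entries under user-writable roots."""
    run_keys = {k.lower() for k in RUN_KEYS}
    findings = []
    for key, values in parse_reg_export(text).items():
        if key.lower() not in run_keys:
            continue
        for name, cmd in values.items():
            path = image_path(cmd)
            if any(root in path.lower() for root in USER_WRITABLE_ROOTS):
                findings.append((key.split("\\")[0], name, path))
    return findings


if __name__ == "__main__":
    for hive, name, path in suspicious_run_entries(SAMPLE_REG_EXPORT):
        print(f"{hive} Run\\{name} -> {path}")
```

Export the live keys with `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" run.reg` on the host and feed the file to `suspicious_run_entries`; a hit is a lead to triage, and the flagged image is what to hash and compare against the report's values.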
