General

  • Target

    0aba330aee0eda3b2d5b51343c4a6a20b84573f628a300a8939235d41b193afd

  • Size

    495KB

  • Sample

    241112-x762vasngk

  • MD5

    31fbe44856943154ede88f6b3886356e

  • SHA1

    e274296aa536cd0512b7048bbf521d23b52ae17c

  • SHA256

    0aba330aee0eda3b2d5b51343c4a6a20b84573f628a300a8939235d41b193afd

  • SHA512

    3f4f10f300a3cd791710a7be89fcd0e128deec916a9d38ffe9a910bb9f23a9503738e1ea267d4a280305e16dee54d4069d615d239525d135022a3dc87a242b7e

  • SSDEEP

    12288:sja7iBJfnFomzp29t1S9bJ7rSuf+W/tB:sjW6fFLF2l6R/

Malware Config

Extracted

  • Family

    redline

  • Botnet

    norm

  • C2

    77.91.124.145:4125

  • Attributes

    auth_value: 1514e6c0ec3d10a36f68f61b206f5759
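As an added example (not part of the sandbox report or of any tool it names), the indicators on this page turned into a small Python IOC check: it hashes a file with every algorithm the report lists and compares all of them against the sample, and it scans firewall-style connection logs for the extracted C2 77.91.124.145:4125. The hashes and the C2 endpoint are copied from this page; the log lines and their field layout are constructed for illustration and are assumptions.

```python
import hashlib
import re

# Indicators copied from the report above: the sample's file hashes and the
# C2 extracted from the RedLine config. Everything else here is illustrative.
SAMPLE_HASHES = {
    "md5": "31fbe44856943154ede88f6b3886356e",
    "sha1": "e274296aa536cd0512b7048bbf521d23b52ae17c",
    "sha256": "0aba330aee0eda3b2d5b51343c4a6a20b84573f628a300a8939235d41b193afd",
    "sha512": "3f4f10f300a3cd791710a7be89fcd0e128deec916a9d38ffe9a910bb9f23a950"
              "3738e1ea267d4a280305e16dee54d4069d615d239525d135022a3dc87a242b7e",
}
C2_ENDPOINTS = {("77.91.124.145", 4125)}


def hashes_of(data: bytes) -> dict:
    """Hex digests of a byte string for every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def hash_file(path) -> dict:
    """Hash a file in chunks so a large binary need not fit in memory."""
    digests = {name: hashlib.new(name) for name in SAMPLE_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in digests.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in digests.items()}


def matches_sample(digests: dict) -> list:
    """Names of the algorithms under which `digests` equals the reported sample.

    All algorithms are compared, not just MD5: a genuine match hits every one,
    while a lone MD5 or SHA1 match could be a collision or a typo.
    """
    return [name for name, value in SAMPLE_HASHES.items()
            if digests.get(name, "").lower() == value]


# Constructed firewall-style log lines (assumed format, not from the report).
SAMPLE_LOG = """\
2024-11-12T10:01:33Z fw01 src=10.0.0.15:51234 dst=142.250.74.78:443 proto=tcp action=allow
2024-11-12T10:01:41Z fw01 src=10.0.0.15:51240 dst=77.91.124.145:4125 proto=tcp action=allow
2024-11-12T10:02:07Z fw01 src=10.0.0.22:49877 dst=77.91.124.145:443 proto=tcp action=allow
2024-11-12T10:02:19Z fw01 src=10.0.0.15:51251 dst=77.91.124.145:4125 proto=tcp action=deny
"""

_CONN = re.compile(r"src=(?P<src>[\d.]+):(?P<sport>\d+)\s+dst=(?P<dst>[\d.]+):(?P<dport>\d+)")


def find_c2_hits(log_text: str, endpoints=C2_ENDPOINTS, ip_only=False) -> list:
    """Return (src, dst, dport, action) for every connection to the C2.

    The default matches the exact ip:port pair extracted from this sample.
    ip_only=True widens the match to any port on the C2 host, on the
    assumption that the same server may be reused on other ports.
    Denied connections are still reported: the host tried to reach the C2.
    """
    hits = []
    c2_ips = {ip for ip, _ in endpoints}
    for line in log_text.splitlines():
        m = _CONN.search(line)
        if not m:
            continue
        dst, dport = m["dst"], int(m["dport"])
        if (dst, dport) in endpoints or (ip_only and dst in c2_ips):
            action = line.rsplit("action=", 1)[-1].strip() if "action=" in line else ""
            hits.append((m["src"], dst, dport, action))
    return hits


if __name__ == "__main__":
    # Usage: hash a suspect file and check it against the report, then scan a log.
    # print(matches_sample(hash_file("suspect.exe")))
    for hit in find_c2_hits(SAMPLE_LOG):
        print("C2 contact:", hit)
```

Run `matches_sample(hash_file(path))` on a quarantined file; an empty list means no algorithm matched, and anything short of the full list deserves a second look rather than a verdict.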

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution.

    • Executes dropped EXE

    • Loads dropped DLL
