General

  • Target

    9195819e43298725d2939cf667101b69348c0e89e94f7b8226be424c7e78a098.exe

  • Size

    582KB

  • Sample

    241112-x8l33aykhs

  • MD5

    6fced8b54625dc6fafc9aec308c52a16

  • SHA1

    7c6a7976095ec241850bff5ee64bb8ac4ad4fc72

  • SHA256

    9195819e43298725d2939cf667101b69348c0e89e94f7b8226be424c7e78a098

  • SHA512

    a06bbd55d3d885b7390f962919b53a487d4b34bde6a68786db5a34d046bbac14966852ebb837118fe56ee259cd10062923f6c9fa669a2dd74acaee272fbfaa64

  • SSDEEP

    12288:YsLi9pW/d6CU9XVo8dY9o67hNmeKbu163qJ:YGiEd6CU9Fo8d67hNmeKa43qJ

Malware Config

Extracted

Family

redline

Botnet

gena

C2

185.161.248.73:4164

Attributes
  • auth_value

    d05bf43eef533e262271449829751d07
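The extracted configuration above is what a responder turns into detections: the file hashes identify this exact sample, and the C2 host and port are the network observable. The following is an added example, not part of the sandbox report or of any vendor tooling. It encodes the report's hashes and C2 endpoint as constants, checks whether a file's bytes are this sample, and scans connection-log lines for traffic to the C2. The log line format and the sample lines are constructed for illustration and do not come from any real product.

```python
import hashlib
import re

# IOCs copied from the report above.
REPORT_HASHES = {
    "md5": "6fced8b54625dc6fafc9aec308c52a16",
    "sha1": "7c6a7976095ec241850bff5ee64bb8ac4ad4fc72",
    "sha256": "9195819e43298725d2939cf667101b69348c0e89e94f7b8226be424c7e78a098",
    "sha512": ("a06bbd55d3d885b7390f962919b53a487d4b34bde6a68786db5a34d046bbac14"
               "966852ebb837118fe56ee259cd10062923f6c9fa669a2dd74acaee272fbfaa64"),
}
REPORT_C2 = {("185.161.248.73", 4164)}  # host and port from the extracted config
REPORT_BOTNET = "gena"                  # config label for clustering, not a network observable


def hash_bytes(data: bytes) -> dict:
    """Compute every digest the report lists so a file can be compared on all of them."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORT_HASHES}


def is_report_sample(data: bytes) -> bool:
    """True only when both strong hashes agree with the report; MD5/SHA1 are informational."""
    got = hash_bytes(data)
    return (got["sha256"] == REPORT_HASHES["sha256"]
            and got["sha512"] == REPORT_HASHES["sha512"])


# Constructed connection-log format for this example (not a real product's format):
#   <iso-timestamp> <src-ip>:<src-port> -> <dst-ip>:<dst-port> <proto>
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+)\s*->\s*"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)\s+(?P<proto>\w+)"
)


def find_c2_connections(lines):
    """Return parsed records whose destination matches the extracted C2 host and port."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed or non-connection lines instead of aborting the scan
        if (m["dst"], int(m["dport"])) in REPORT_C2:
            hits.append({"ts": m["ts"], "src": m["src"], "dst": m["dst"],
                         "dport": int(m["dport"]), "proto": m["proto"]})
    return hits


# Constructed sample log lines: one true C2 hit, one same host on another port, one benign, one junk.
SAMPLE_LOG = [
    "2024-11-12T10:01:02Z 10.0.0.15:51234 -> 185.161.248.73:4164 tcp",
    "2024-11-12T10:01:05Z 10.0.0.15:51235 -> 185.161.248.73:443 tcp",
    "2024-11-12T10:01:09Z 10.0.0.22:51888 -> 203.0.113.5:443 tcp",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for hit in find_c2_connections(SAMPLE_LOG):
        print(f"C2 contact: {hit['src']} -> {hit['dst']}:{hit['dport']} "
              f"at {hit['ts']} (botnet {REPORT_BOTNET})")
    print("constructed bytes are the sample:", is_report_sample(b"not the sample"))
```

The match is on host and port together, exactly as the config states; the second constructed line (same host, port 443) is deliberately not flagged. Widen to host-only if you want to catch a rotated port and accept the extra false positives. IP-based IOCs age quickly, so re-validate the endpoint before blocking it network-wide. The auth_value and botnet name are fingerprints of this build's configuration, useful for clustering related samples, not something you will see on the wire.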

Targets

    • Target

      9195819e43298725d2939cf667101b69348c0e89e94f7b8226be424c7e78a098.exe

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution by locale.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks