General

  • Target

    6cf5aacc8ca71d0c8117f98bf2c8830f865b1684fb2b7afc348b3625617fdf15N.exe

  • Size

    571KB

  • Sample

    241112-x9dhbazcjq

  • MD5

    02f8087526a38bff6fa3685afe4bff90

  • SHA1

    10d893a63c35046419dc99944e96204b669e8ec4

  • SHA256

    6cf5aacc8ca71d0c8117f98bf2c8830f865b1684fb2b7afc348b3625617fdf15

  • SHA512

    4999ae6b1ebf57fc572d1138fe472f5dba60fa9720e1d293cc904232f8020f8306c3226c567a9bea9a4b15cc962023cb0c1efdc1503af108ea9a89538ce8afee

  • SSDEEP

    12288:Zy907uZ+GR785TmPUSvA8I/h/an457Kv/n74arYBa8H:ZygEQTNSo8e8/74aSa8H

Malware Config

Extracted

  • Family

    redline

  • Botnet

    gena

  • C2

    185.161.248.73:4164

  • Attributes

    auth_value: d05bf43eef533e262271449829751d07

Extracted

  • Family

    redline

  • Botnet

    dante

  • C2

    185.161.248.73:4164

  • Attributes

    auth_value: f4066af6b8a6f23125c8ee48288a3f90

Targets

    • Target

      6cf5aacc8ca71d0c8117f98bf2c8830f865b1684fb2b7afc348b3625617fdf15N.exe
    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Adds Run key to start application