General

  • Target

    0513d1a9de10865b3d5cbb480a924ed92f6464bcef68deb2b436f5937bd9142f.exe

  • Size

    479KB

  • Sample

    241112-y4envszhmg

  • MD5

    b7af33b83ec0faea42da0118a1ddd316

  • SHA1

    d95cc2e9c8d32423834d131045e9297ba2685c88

  • SHA256

    0513d1a9de10865b3d5cbb480a924ed92f6464bcef68deb2b436f5937bd9142f

  • SHA512

    2f472c9200d609921f8ac9829c8bee0c21006881746f57b6df32607d70369a89af017c04e17ebba0ee6b0f2378911ccb085868d85a72c112cea4be553eb2be37

  • SSDEEP

    12288:Cz2/F3bj2fsc9W2YulMgUz0JJZqeA6ebOhr14TaNsZZK7NC:Y6Fxclyhze3qJOj4TaKZZKA

Malware Config

Extracted

Family

redline

Botnet

gena

C2

185.161.248.73:4164

Attributes
  • auth_value

    d05bf43eef533e262271449829751d07

Targets

    • Target

      0513d1a9de10865b3d5cbb480a924ed92f6464bcef68deb2b436f5937bd9142f.exe

    • Size

      479KB

    • MD5

      b7af33b83ec0faea42da0118a1ddd316

    • SHA1

      d95cc2e9c8d32423834d131045e9297ba2685c88

    • SHA256

      0513d1a9de10865b3d5cbb480a924ed92f6464bcef68deb2b436f5937bd9142f

    • SHA512

      2f472c9200d609921f8ac9829c8bee0c21006881746f57b6df32607d70369a89af017c04e17ebba0ee6b0f2378911ccb085868d85a72c112cea4be553eb2be37

    • SSDEEP

      12288:Cz2/F3bj2fsc9W2YulMgUz0JJZqeA6ebOhr14TaNsZZK7NC:Y6Fxclyhze3qJOj4TaKZZKA

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks