General

  • Target: 196a02b61169606da253979ddbc7c0b8a42a76a42e909dff96d2e8de5e58b82f
  • Size: 424KB
  • Sample: 241112-yxrpvazhkk
  • MD5: d6be788ce9a46ab76facbde4eb6adeca
  • SHA1: e29bcb9ebd025b0e087d0db65f21e8ba77bbe90f
  • SHA256: 196a02b61169606da253979ddbc7c0b8a42a76a42e909dff96d2e8de5e58b82f
  • SHA512: b9d51402c668fac718f406dc3938d8156f6d084c1812aab2b94b16d44ead0e8c6ac0224c609369cf8400905cf444ce56c7348bea25c1f0ffc6b822a8a26b00a1
  • SSDEEP: 6144:YMjrkdSCFNVLHqgQyg9FuCuyqwdsBWTvTFMJYkL9SlWL1KEq2ZQuRWxwXT:YkJCrVTeL9FuCurwdswTrFZkZ/njBj

Malware Config

Extracted

  • Family: redline
  • Botnet: norm
  • C2: 77.91.124.145:4125
  • Attributes
    • auth_value: 1514e6c0ec3d10a36f68f61b206f5759

Targets

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Redline family
    • Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
    • Executes dropped EXE
    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks