General

  • Target

    1cbf9bb8d1b556f420901718ba1e29c6bba495f6a170f679b52b82bb22b61d8d

  • Size

    574KB

  • Sample

    241112-yyp8eayqgy

  • MD5

    71d1f740f8f8dd67c230f6b8e52dd58a

  • SHA1

    950516b82c7c8ccb2aa323aba5cfee47ca263395

  • SHA256

    1cbf9bb8d1b556f420901718ba1e29c6bba495f6a170f679b52b82bb22b61d8d

  • SHA512

    f44e546313b613157d5fbc387ce6af19cb6ed27fc3612d905c531716f0a9f508dc9533755694f223de21fa7431623467780cb10e1f69a03fdb59598cddf1f1b0

  • SSDEEP

    12288:OZTYeKazd8Hatlo++vJ6BHF9WwCNdQPyy2ZWB:OVY4d86tcJASJdoTDB

Malware Config

Extracted

Family

redline

Botnet

gena

C2

185.161.248.73:4164

Attributes
  • auth_value

    d05bf43eef533e262271449829751d07

Targets

    • Target

      1cbf9bb8d1b556f420901718ba1e29c6bba495f6a170f679b52b82bb22b61d8d

    • Size

      574KB

    • MD5

      71d1f740f8f8dd67c230f6b8e52dd58a

    • SHA1

      950516b82c7c8ccb2aa323aba5cfee47ca263395

    • SHA256

      1cbf9bb8d1b556f420901718ba1e29c6bba495f6a170f679b52b82bb22b61d8d

    • SHA512

      f44e546313b613157d5fbc387ce6af19cb6ed27fc3612d905c531716f0a9f508dc9533755694f223de21fa7431623467780cb10e1f69a03fdb59598cddf1f1b0

    • SSDEEP

      12288:OZTYeKazd8Hatlo++vJ6BHF9WwCNdQPyy2ZWB:OVY4d86tcJASJdoTDB

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up the country code configured in the registry; this is most likely a geofence check, used by the stealer to avoid running on machines in particular regions.

    • Executes dropped EXE

    • Loads dropped DLL
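The report above gives two things a responder actually acts on: the file hashes in the General and Targets blocks, and the extracted config (family, botnet, C2). The following is an added example, not part of the sandbox report, showing how to turn both into checks: verify a file on disk against the listed hashes, parse and validate the C2 string, emit a Suricata rule for it, and flag matching connections in Zeek-style conn.log lines. The conn.log lines are constructed sample data, and the Suricata SID and message text are illustrative choices, not values from the report.

```python
"""Added example (not from the sandbox report): act on the extracted RedLine config."""
import hashlib
import ipaddress
from typing import Dict, List, Tuple

# Values copied from the report above.
EXPECTED_HASHES = {
    "md5": "71d1f740f8f8dd67c230f6b8e52dd58a",
    "sha1": "950516b82c7c8ccb2aa323aba5cfee47ca263395",
    "sha256": "1cbf9bb8d1b556f420901718ba1e29c6bba495f6a170f679b52b82bb22b61d8d",
    "sha512": ("f44e546313b613157d5fbc387ce6af19cb6ed27fc3612d905c531716f0a9f508"
               "dc9533755694f223de21fa7431623467780cb10e1f69a03fdb59598cddf1f1b0"),
}
EXTRACTED_C2 = "185.161.248.73:4164"
BOTNET = "gena"


def parse_c2(c2: str) -> Tuple[str, int]:
    """Split 'ip:port' and validate both halves, so a malformed config
    string never turns into a broken firewall or IDS rule."""
    host, _, port_s = c2.rpartition(":")
    ip = ipaddress.ip_address(host)          # raises ValueError on junk
    port = int(port_s)
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return str(ip), port


def suricata_rule(c2: str, sid: int = 9000001) -> str:
    """Build a Suricata rule for the C2. The SID is an illustrative local
    number (assumption), pick one from your own reserved range."""
    ip, port = parse_c2(c2)
    return (f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"RedLine C2 botnet {BOTNET}"; flow:to_server; '
            f'classtype:trojan-activity; sid:{sid}; rev:1;)')


def verify_hashes(data: bytes, expected: Dict[str, str]) -> Dict[str, bool]:
    """Compare a file's bytes against every digest the report lists."""
    return {algo: hashlib.new(algo, data).hexdigest() == digest
            for algo, digest in expected.items()}


def c2_hits(conn_lines: List[str], c2: str) -> List[str]:
    """Return the uids of Zeek-style conn.log lines that talk to the C2.
    Expected tab-separated fields (assumption about the log layout):
    ts  uid  id.orig_h  id.orig_p  id.resp_h  id.resp_p  proto"""
    ip, port = parse_c2(c2)
    hits = []
    for line in conn_lines:
        fields = line.split("\t")
        if len(fields) < 7:
            continue  # header/comment lines
        if fields[4] == ip and fields[5] == str(port):
            hits.append(fields[1])
    return hits


# Constructed sample log, not taken from the report.
SAMPLE_CONN_LOG = [
    "1731456000.10\tCx1\t10.0.0.5\t49812\t185.161.248.73\t4164\ttcp",
    "1731456001.20\tCx2\t10.0.0.5\t49813\t93.184.216.34\t443\ttcp",
    # same host, different port: not matched by the exact ip:port rule,
    # which is why a host-level watch is worth adding alongside it
    "1731456002.30\tCx3\t10.0.0.7\t49900\t185.161.248.73\t80\ttcp",
]

if __name__ == "__main__":
    print(suricata_rule(EXTRACTED_C2))
    print(c2_hits(SAMPLE_CONN_LOG, EXTRACTED_C2))
    # to check a file on disk: verify_hashes(open(path, "rb").read(), EXPECTED_HASHES)
```

The exact ip:port match mirrors the extracted config; in practice you would also alert on any traffic to the host, since RedLine operators reuse infrastructure across ports.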

MITRE ATT&CK Enterprise v15

Tasks