General

  • Target: 2638e60aac255c92586d7818bef2c896bea1e942d0e3679c3b6b02a42d28724f
  • Size: 582KB
  • Sample: 241112-za6qxstngk
  • MD5: 8f14833d1412aaa586ba64fd6ef6a573
  • SHA1: 85831f31aa378becfb8e48d8c9c801f963a986f1
  • SHA256: 2638e60aac255c92586d7818bef2c896bea1e942d0e3679c3b6b02a42d28724f
  • SHA512: 2be226858b41c24c627f991d208f835647c98d124e1f4602a5d46697297aa6b013a847eb17923096eba61330835d57d8ac6213318575161e6c2e6d3dc7749887
  • SSDEEP: 12288:ZsLi9pW/d6CU9XVo8dY9o67hNmeKbu163q:ZGiEd6CU9Fo8d67hNmeKa43q

Malware Config

Extracted

  • Family: redline
  • Botnet: gena
  • C2: 185.161.248.73:4164
  • Attributes
      • auth_value: d05bf43eef533e262271449829751d07

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first seen in early 2020.

    • RedLine payload

    • RedLine family

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks