General

  • Target

    c6c50a821520f8f6a05afb51151da2dc264dbcea363b9dff48b7765d8152857f

  • Size

    575KB

  • Sample

    241113-c513laykbl

  • MD5

    52a448ffa529003e1eb3a240b0e7e8a3

  • SHA1

    d18c1330fd88be81d76b97f0af43962f2bb8c4a8

  • SHA256

    c6c50a821520f8f6a05afb51151da2dc264dbcea363b9dff48b7765d8152857f

  • SHA512

    63ccbe9d0e7f6c20e439e42582ccdbaad4eb628aa61c88c2ab23e0eab5ad848c9866a73c95570f1f62e0e4e1ca86c285454f2f26a3f7f953067cde2ec5bb27d9

  • SSDEEP

    12288:UfFDWVhxEkmWSTh7QC164PNG7G24r4zdM4N:aFC4kmWsv1DVG7G2Fdz

Malware Config

Extracted

Family

redline

Botnet

gena

C2

185.161.248.73:4164

Attributes

  • auth_value

    d05bf43eef533e262271449829751d07

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15