General

  • Target

    ecf80f7874403e941e51c15827a1cfcaf00c68901c176378f077439ba5c12650N.exe

  • Size

    574KB

  • Sample

    241113-enty3awclc

  • MD5

    55031058f4b6106b53e5366665475190

  • SHA1

    51d9fcc22e2b5923d6dcfe7fec4577649e942b55

  • SHA256

    ecf80f7874403e941e51c15827a1cfcaf00c68901c176378f077439ba5c12650

  • SHA512

    e9a3b16396bacf5ff9a2b7678282d83af6f5f8019c17bbac71c0a8a458b7039569519cabc45a215d5c13b3784fab40180bca1a235048a635286e45035c1ac55c

  • SSDEEP

    12288:mlvTqsKami8mOB+C+uiDum8SPl/O+50NzXTKbx7SK:mlbqbi8d+P1KjSN/z50dDKbx7L

Malware Config

Extracted

Family

redline

Botnet

gena

C2

185.161.248.73:4164

Attributes

  • auth_value

    d05bf43eef533e262271449829751d07

Targets

    • Target

      ecf80f7874403e941e51c15827a1cfcaf00c68901c176378f077439ba5c12650N.exe

    • Size

      574KB

    • MD5

      55031058f4b6106b53e5366665475190

    • SHA1

      51d9fcc22e2b5923d6dcfe7fec4577649e942b55

    • SHA256

      ecf80f7874403e941e51c15827a1cfcaf00c68901c176378f077439ba5c12650

    • SHA512

      e9a3b16396bacf5ff9a2b7678282d83af6f5f8019c17bbac71c0a8a458b7039569519cabc45a215d5c13b3784fab40180bca1a235048a635286e45035c1ac55c

    • SSDEEP

      12288:mlvTqsKami8mOB+C+uiDum8SPl/O+50NzXTKbx7SK:mlbqbi8d+P1KjSN/z50dDKbx7L

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks