General

  • Target

    2d14fb56221a32931639a65a1fd9c1a20cd44db20e0ad732f630ea1056255144N.exe

  • Size

    426KB

  • Sample

    241113-n5mezs1hnk

  • MD5

    e9feba2622c5cd8c63e7fd6391d52910

  • SHA1

    f9f506441e2fa3ad58209408b3ea9efaf08d9135

  • SHA256

    2d14fb56221a32931639a65a1fd9c1a20cd44db20e0ad732f630ea1056255144

  • SHA512

    a2892be3bc92f50f73976e0f279a7e3491237c6100baea597a33a195dfd76201a1f03bba905a153ff04e91eb494be4515acda74992ecaeb239bb9f3da417b0a0

  • SSDEEP

    12288:l/H3y3bGd+hmUSTuNscqpCI8bPszh8kR3:xXEbGd+hmUSTOlbPMBR

Malware Config

Extracted

Family

redline

Botnet

norm

C2

77.91.124.145:4125

Attributes

  • auth_value

    1514e6c0ec3d10a36f68f61b206f5759

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks