General

  • Target

    07be943bf2865ec038460d302867e54b874e101aae5db4d1f75531e447db877d.exe

  • Size

    581KB

  • Sample

    241113-pp216svpeq

  • MD5

    593e47c59bbfc31b3a0ab2270e44050e

  • SHA1

    5e27924deacc2872506d3c53da049bda2e83da63

  • SHA256

    07be943bf2865ec038460d302867e54b874e101aae5db4d1f75531e447db877d

  • SHA512

    25c4a637caee66aa6154c95fdb504886c2064c2a0a5d002e74f6a9699a011e18d1c4725d121fc8370e81e8001a1ef35c8cfa4017682163af0c0b5f0e8b5150d0

  • SSDEEP

    12288:2gnXCptMOVe6UUOA2OFwXy+d15GVXLGrLmRFR:2WX+VBUUoOFwC+9GNL2cR

Malware Config

Extracted

Family

redline

Botnet

gena

C2

185.161.248.73:4164

Attributes

  • auth_value

    d05bf43eef533e262271449829751d07

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15