General

  • Target

    33d0861ad27092e8968fa8f0801744d4d59de282cce9521f485bd5d803407eb3.exe

  • Size

    581KB

  • Sample

    241113-rxexqaxjfp

  • MD5

    25d5cd62752303fd97d26409c19f3518

  • SHA1

    7d12a9ab1a2763020e9d0cd56341d7a7219232ed

  • SHA256

    33d0861ad27092e8968fa8f0801744d4d59de282cce9521f485bd5d803407eb3

  • SHA512

    8c90ff4a516a219fd31b3cc1ecdf2b2a3f32d7b44d76650bd683318bf752ff892e53d0fddbbb1d03d2d7730e4187ac571023e8b64d67d8616d862805a94cb37d

  • SSDEEP

    12288:KvAh3cpq/5gZl2/u4RLZftnpnw/q5J2QC1Qg:oAWbZl2LfBpnw/q/27v

Malware Config

Extracted

Family

redline

Botnet

gena

C2

185.161.248.73:4164

Attributes

  • auth_value

    d05bf43eef533e262271449829751d07

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15