General

  • Target: 1aed039d3f69c33316ce43bc8b989f658974836c8679e72ca826584551930829.exe
  • Size: 578KB
  • Sample: 241113-y169psydkh
  • MD5: b8ceff724b19f20bf74f75befed1b601
  • SHA1: 028bfd21a585705f7aecddfd4db7c380af233bee
  • SHA256: 1aed039d3f69c33316ce43bc8b989f658974836c8679e72ca826584551930829
  • SHA512: c6794580ce9a34a134860a00f7f7ded0fd8431e1e8988cdba7c25a73c01bb6b0f7d2f1cc9ea3b6bf30fcceae156df4edf6f7e297d4b9d98810316fd16fc5ff48
  • SSDEEP: 12288:Cy90qtZxqNAI53IXBivt52SGphms6qL2LgpY:Cyt+AIDvtkdP6qLhY

Malware Config

Extracted

  • Family: redline
  • Botnet: gena
  • C2: 185.161.248.73:4164
  • Attributes
    • auth_value: d05bf43eef533e262271449829751d07

Extracted

  • Family: redline
  • Botnet: dark
  • C2: 185.161.248.73:4164
  • Attributes
    • auth_value: ae85b01f66afe8770afeed560513fc2d

Targets

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Redline family
    • Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
    • Executes dropped EXE
    • Adds Run key to start application
