General

  • Target

    59440d6673b231a4df3ae8a4e0c48650f58c09b2b058bae38725610b4f8ce90b.exe

  • Size

    427KB

  • Sample

    241113-ypqsks1qfp

  • MD5

    62f3988964902773912b38eb0aaad68f

  • SHA1

    1ac4e5a6550dd6a4ab68c87f3fd6255064b6409f

  • SHA256

    59440d6673b231a4df3ae8a4e0c48650f58c09b2b058bae38725610b4f8ce90b

  • SHA512

    99dd0dc28e754a068a63d347c4a5b5faef68d35a52dece839a706197b6800d0541b0332bb982d99f8ac3f0ebb247012e65fc04ceb4a961633a441e026fb31afd

  • SSDEEP

    12288:Pk1JXkSu27c22f3ZNW55VfU4PrgUHL2yRG/o+:kNkb27iZNWdu

Malware Config

Extracted

Family

redline

Botnet

norm

C2

77.91.124.145:4125

Attributes
  • auth_value

    1514e6c0ec3d10a36f68f61b206f5759

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks