General

  • Target

    52f765844623c2f90315854ca382dca7f7ef1a177e87f482fcb7998f540406e0N.exe

  • Size

    844KB

  • Sample

    241114-hkwv2awarp

  • MD5

    80c5e9c28271e21d5a6b88fa6c819c00

  • SHA1

    31fb791a8f63c7821bc475788b12e96dfbb933fe

  • SHA256

    52f765844623c2f90315854ca382dca7f7ef1a177e87f482fcb7998f540406e0

  • SHA512

    83862d521f563c7afd58429b2ce8e35308cc433608af84eb27a008c79d4b40454624321a1cd1b05c7c213160a39c22f3f3a21365f9543386d34ec3e80de4ab24

  • SSDEEP

    12288:8y90dKVLtW0TkHKRxct8Daan4Mxwj4VvH6ApLrrB6JUF1/9BK3RdvuyzTwSVa3d:8yZRtBGKnd1aEL/CUFFPK3RddT2d

Malware Config

Extracted

  • Family

    redline

  • Botnet

    most

  • C2

    185.161.248.73:4164

  • Attributes

    auth_value: 7da4dfa153f2919e617aa016f7c36008

Targets

    • Target

      52f765844623c2f90315854ca382dca7f7ef1a177e87f482fcb7998f540406e0N.exe

    • RedLine

      RedLine Stealer is an information-stealing malware family written in C#, first seen in early 2020 and sold to affiliates as malware-as-a-service. It harvests saved browser credentials, cookies and autofill data, cryptocurrency wallet files and system details, and sends them to the operator's C2; the extracted config above gives this build's C2 endpoint, botnet tag and auth_value.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application
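
The three behaviours flagged above (a beacon to the extracted C2, a dropped EXE being executed, and a Run key added for persistence) are exactly what a hunt over endpoint telemetry should look for. The following is an added example for this page, not the sandbox's code and not anything from the RedLine authors: it takes the C2 value from the report and runs those three checks over Sysmon-style events. The `Key=Value|Key=Value` event format, the event lines themselves, the user-writable path list and the rule names are all constructed for the example; adapt them to your SIEM's export.

```python
"""Hunting logic for the behaviours this report lists (C2 beacon, dropped EXE
execution, Run-key persistence), run over Sysmon-style events.

Added example for this page; it is not the sandbox's code and not RedLine's.
The C2 and botnet values come from the report above; the event lines at the
bottom are constructed for the example, not captured from the sample.
"""
import ipaddress
import re
from dataclasses import dataclass

C2 = "185.161.248.73:4164"   # from the report's extracted config
BOTNET = "most"              # from the report; used only to tag output

# Sysmon event IDs (Microsoft's documented numbering).
EV_PROCESS_CREATE, EV_NETWORK_CONNECT, EV_REGISTRY_SET = 1, 3, 13

# Registry autostart locations behind "Adds Run key to start application".
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
# Directories a dropped payload typically lands in (assumption; tune for your estate).
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp|Downloads|ProgramData|Users\\Public)\\", re.I)


@dataclass(frozen=True)
class Finding:
    rule: str
    evidence: str


def parse_c2(c2: str) -> tuple[str, int]:
    """Split the sandbox's host:port string and validate both parts."""
    host, _, port = c2.rpartition(":")
    ipaddress.ip_address(host)          # raises ValueError if not an IP literal
    p = int(port)
    if not 0 < p < 65536:
        raise ValueError(f"bad port in C2 string: {c2!r}")
    return host, p


def parse_event(line: str) -> dict[str, str]:
    """Parse one 'Key=Value|Key=Value' line (a constructed stand-in for a SIEM export)."""
    fields = {}
    for part in line.strip().split("|"):
        key, sep, value = part.partition("=")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def hunt(lines: list[str], c2: str = C2) -> list[Finding]:
    """Return one Finding per event that matches a behaviour from the report."""
    c2_host, c2_port = parse_c2(c2)
    findings = []
    for line in lines:
        ev = parse_event(line)
        try:
            event_id = int(ev.get("EventID", ""))
        except ValueError:
            continue  # malformed line: skip it rather than abort the hunt
        if (event_id == EV_NETWORK_CONNECT and ev.get("DestinationIp") == c2_host
                and ev.get("DestinationPort") == str(c2_port)):
            findings.append(Finding("redline_c2_connect", f"{ev.get('Image')} -> {c2}"))
        elif event_id == EV_REGISTRY_SET and RUN_KEY_RE.search(ev.get("TargetObject", "")):
            # Value data pointing into a user-writable directory is the stronger signal.
            sev = "high" if USER_WRITABLE_RE.search(ev.get("Details", "")) else "low"
            findings.append(Finding(f"run_key_persistence_{sev}", ev.get("TargetObject", "")))
        elif (event_id == EV_PROCESS_CREATE and USER_WRITABLE_RE.search(ev.get("Image", ""))
                and USER_WRITABLE_RE.search(ev.get("ParentImage", ""))):
            # Parent and child both in user-writable paths: a dropped EXE launched by its dropper.
            findings.append(Finding("dropped_exe_executed", ev.get("Image", "")))
    return findings


# Constructed events (not from the sandbox run): a dropper launches a dropped EXE,
# that EXE adds a Run key pointing at itself, then connects to the C2 from the report.
# The last two lines are benign noise the rules must ignore.
SAMPLE_EVENTS = [
    r"EventID=1|Image=C:\Users\bob\AppData\Local\Temp\updater.exe|ParentImage=C:\Users\bob\Downloads\setup.exe",
    r"EventID=13|Image=C:\Users\bob\AppData\Local\Temp\updater.exe|TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater|Details=C:\Users\bob\AppData\Local\Temp\updater.exe",
    r"EventID=3|Image=C:\Users\bob\AppData\Local\Temp\updater.exe|DestinationIp=185.161.248.73|DestinationPort=4164",
    r"EventID=3|Image=C:\Program Files\Mozilla Firefox\firefox.exe|DestinationIp=185.161.248.73|DestinationPort=443",
    r"EventID=1|Image=C:\Windows\System32\notepad.exe|ParentImage=C:\Windows\explorer.exe",
]

if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"[{BOTNET}] {f.rule}: {f.evidence}")
```

The C2 match is deliberately exact on IP and port: RedLine builds are pinned to one endpoint, so a connection to 185.161.248.73 on a different port (the firefox line above) is not evidence of this sample. The Run-key rule grades by where the value data points, because a Run value pointing into AppData or Temp is far more often malicious than one pointing into Program Files, and the dropped-EXE rule requires both parent and child to live in user-writable paths so that ordinary installer activity under Program Files does not fire it.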

MITRE ATT&CK Enterprise v15

Tasks