General

  • Target: 68a9c2e3c7274899098414d1ffe1f56544ff9fe14f72dabe3d547e3813b76713N.exe
  • Size: 574KB
  • Sample: 241114-kj3y3awfrk
  • MD5: cf60ba576ad71825d8bbcbf26344a750
  • SHA1: 766ef80a07e73b8e5efb53af39abb104858a222c
  • SHA256: 68a9c2e3c7274899098414d1ffe1f56544ff9fe14f72dabe3d547e3813b76713
  • SHA512: f79ab70e74b34b21a544534b9b24dfdd2970c32a65ad61ea5be3d892b35c420e9ea5cbae1b713ea3160b25bbd7d7a7af8acbd19b6333be8014f737a2a7e764e8
  • SSDEEP: 12288:YlvTqsKami8mOB+C+uiDum8SPl/O+50NzXTKbx7SK:Ylbqbi8d+P1KjSN/z50dDKbx7L

Malware Config

Extracted

  • Family: redline
  • Botnet: gena
  • C2: 185.161.248.73:4164
  • Attributes
    • auth_value: d05bf43eef533e262271449829751d07

Targets

    • RedLine
      RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Redline family
    • Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence check.
    • Executes dropped EXE
    • Loads dropped DLL
