General

  • Target

    f0ae05b98e82a38bd1a3c76d75a2a203f47ba4365c09bf67876ba73e9a3e4b6aN.exe

  • Size

    583KB

  • Sample

    241115-zl1daavrdq

  • MD5

    02b4d93f767751a0487154327eaab9b0

  • SHA1

    c934b16ea80e4123678b8b233fea7b9a8532c241

  • SHA256

    f0ae05b98e82a38bd1a3c76d75a2a203f47ba4365c09bf67876ba73e9a3e4b6a

  • SHA512

    cffa1d50374a107eb2f608c98197571b64a4c5fbb5941070aaf67c5d36f2846548971710d32ab413b3cf3791581b46245f8d3629fb0f57b932c1435985763007

  • SSDEEP

    6144:u+8ywtMOWjpbIOH1Wz/e2FzirHJtR/j58IlRIZnhmKvA25PJgpSj22LW:R81tMOW900Wz/dFz8Hj154hmjMgSj2

Malware Config

Extracted

Family

redline

Botnet

gena

C2

185.161.248.73:4164

Attributes
  • auth_value

    d05bf43eef533e262271449829751d07

Targets

    • Target

      f0ae05b98e82a38bd1a3c76d75a2a203f47ba4365c09bf67876ba73e9a3e4b6aN.exe

    • Size

      583KB

    • MD5

      02b4d93f767751a0487154327eaab9b0

    • SHA1

      c934b16ea80e4123678b8b233fea7b9a8532c241

    • SHA256

      f0ae05b98e82a38bd1a3c76d75a2a203f47ba4365c09bf67876ba73e9a3e4b6a

    • SHA512

      cffa1d50374a107eb2f608c98197571b64a4c5fbb5941070aaf67c5d36f2846548971710d32ab413b3cf3791581b46245f8d3629fb0f57b932c1435985763007

    • SSDEEP

      6144:u+8ywtMOWjpbIOH1Wz/e2FzirHJtR/j58IlRIZnhmKvA25PJgpSj22LW:R81tMOW900Wz/dFz8Hj154hmjMgSj2

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks