General

  • Target

    af9946ffb432459ef1503fcc00736583f5281fdad55ad095931ffe593d132d74

  • Size

    8.1MB

  • Sample

    241212-zjb8nsxjdy

  • MD5

    d6e69be656af26b6f4fda79eda3de0f3

  • SHA1

    cadf54b019c4202847c12cc8d84807ea1fd07b5e

  • SHA256

    af9946ffb432459ef1503fcc00736583f5281fdad55ad095931ffe593d132d74

  • SHA512

    e1773782f278f91493984d9226e559a18004a80c0883066111ef0f147fa0e0bf65c7fe22b26026779309ceb3aad81ffbf5796c3c79981402b73c1fa2fa9f5c49

  • SSDEEP

    196608:tAUdsL+AUdsLmAUdsLmAUdsLmAUdsLmAUdsk:tPq+PqmPqmPqmPqmPF

Malware Config

Extracted

Family

redline

Botnet

816FA

C2

88.99.151.68:7200

Targets

    • Target

      af9946ffb432459ef1503fcc00736583f5281fdad55ad095931ffe593d132d74

    • Size

      8.1MB

    • MD5

      d6e69be656af26b6f4fda79eda3de0f3

    • SHA1

      cadf54b019c4202847c12cc8d84807ea1fd07b5e

    • SHA256

      af9946ffb432459ef1503fcc00736583f5281fdad55ad095931ffe593d132d74

    • SHA512

      e1773782f278f91493984d9226e559a18004a80c0883066111ef0f147fa0e0bf65c7fe22b26026779309ceb3aad81ffbf5796c3c79981402b73c1fa2fa9f5c49

    • SSDEEP

      196608:tAUdsL+AUdsLmAUdsLmAUdsLmAUdsLmAUdsk:tPq+PqmPqmPqmPqmPF

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15

Tasks