redline | 42085ca9791af096486656486a5b77f1a18b377b6ee5fe603621c8c833aa527b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

42085ca9791af096486656486a5b77f1a18b377b6ee5fe603621c8c833aa527b
Size

724KB
Sample

230211-2zed3scg3t
MD5

c72dc29b7c793ff5af793a8382fb416a
SHA1

d54edaac492972ed5ff35e050c284116384e2d98
SHA256

42085ca9791af096486656486a5b77f1a18b377b6ee5fe603621c8c833aa527b
SHA512

60127e5f9f724af02d6f0d85c413f37cfb9939874e77ca0f02a9535b2b20fd5712188dc39adeb999ba25b84b920f9742a26201ffc69943c2201a167b1e101779
SSDEEP

12288:wMrGy90zyJx0yIWTjXMcXKxsnIPy88FHtIPSb5/zMpr0qoLcRxDEN:mysyDXIkisnIPy88FHtIKtz6r0qoL6a

Score

10^/10

redline fusa infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

fusa

C2

193.233.20.12:4132

Attributes

auth_value
a08b2f01bd2af756e38c5dd60e87e697

Targets

- Target
  
  42085ca9791af096486656486a5b77f1a18b377b6ee5fe603621c8c833aa527b
- Size
  
  724KB
- MD5
  
  c72dc29b7c793ff5af793a8382fb416a
- SHA1
  
  d54edaac492972ed5ff35e050c284116384e2d98
- SHA256
  
  42085ca9791af096486656486a5b77f1a18b377b6ee5fe603621c8c833aa527b
- SHA512
  
  60127e5f9f724af02d6f0d85c413f37cfb9939874e77ca0f02a9535b2b20fd5712188dc39adeb999ba25b84b920f9742a26201ffc69943c2201a167b1e101779
- SSDEEP
  
  12288:wMrGy90zyJx0yIWTjXMcXKxsnIPy88FHtIPSb5/zMpr0qoLcRxDEN:mysyDXIkisnIPy88FHtIKtz6r0qoL6a
Score

10^/10

redline fusa infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinefusainfostealerpersistence