redline | e06bd40eeccb594535de11f72bb5fb4ff12a790978c4a639c836cd61025e55f7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e06bd40eeccb594535de11f72bb5fb4ff12a790978c4a639c836cd61025e55f7
Size

551KB
Sample

230211-psmewscb8w
MD5

d857156372904be8c5f12b33e5abb5ad
SHA1

44b71bd920a69a5f542768e854183cd84eadcd55
SHA256

e06bd40eeccb594535de11f72bb5fb4ff12a790978c4a639c836cd61025e55f7
SHA512

b2a526dbd2657f4083c20d3ec1cb7638bc63e9e922d8956f7b59620a927ac131c68f01e3aff926e33314dc286aae62efabf18e89afc27f875ec96970037488cb
SSDEEP

12288:EMrEy90QJXVHpqVRGGyrOQEPDodHGk5Gh44NhS1W:gyRX1EVwOQvou4rS1W

Score

10^/10

redline fusa infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

fusa

C2

193.233.20.12:4132

Attributes

auth_value
a08b2f01bd2af756e38c5dd60e87e697

Targets

- Target
  
  e06bd40eeccb594535de11f72bb5fb4ff12a790978c4a639c836cd61025e55f7
- Size
  
  551KB
- MD5
  
  d857156372904be8c5f12b33e5abb5ad
- SHA1
  
  44b71bd920a69a5f542768e854183cd84eadcd55
- SHA256
  
  e06bd40eeccb594535de11f72bb5fb4ff12a790978c4a639c836cd61025e55f7
- SHA512
  
  b2a526dbd2657f4083c20d3ec1cb7638bc63e9e922d8956f7b59620a927ac131c68f01e3aff926e33314dc286aae62efabf18e89afc27f875ec96970037488cb
- SSDEEP
  
  12288:EMrEy90QJXVHpqVRGGyrOQEPDodHGk5Gh44NhS1W:gyRX1EVwOQvou4rS1W
Score

10^/10

redline fusa infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinefusainfostealerpersistence