redline | d9ccc39b31a0b77884849f47f8c82c1391d832910a8a1715e5dc48d1ab5ef630 | Triage

Sharing

General

Target

d9ccc39b31a0b77884849f47f8c82c1391d832910a8a1715e5dc48d1ab5ef630
Size

477KB
Sample

230211-zpz7paac73
MD5

66f377f950d1afb0b2decb8fc7165456
SHA1

37f2fed8f7d023f0a6d457aacd11c9ca73c4afae
SHA256

d9ccc39b31a0b77884849f47f8c82c1391d832910a8a1715e5dc48d1ab5ef630
SHA512

b8ff1cf30694aab6b11452345379c06461ec894cadcf6074c433262b433eef803c093538de934a48765ce583e26ceed558c0a372a2ffbede39c211ef64233aa1
SSDEEP

12288:PMrny903EZOJTBQxALI6NUpj5gpfH8aJS8XTb0dd0hn:UybYl+eM6NBfH9JS8X44

Score

10^/10

redline fusa infostealer persistence spyware stealer

Malware Config

Extracted

Family

redline

Botnet

fusa

C2

193.233.20.12:4132

Attributes

auth_value
a08b2f01bd2af756e38c5dd60e87e697

Targets

- Target
  
  d9ccc39b31a0b77884849f47f8c82c1391d832910a8a1715e5dc48d1ab5ef630
- Size
  
  477KB
- MD5
  
  66f377f950d1afb0b2decb8fc7165456
- SHA1
  
  37f2fed8f7d023f0a6d457aacd11c9ca73c4afae
- SHA256
  
  d9ccc39b31a0b77884849f47f8c82c1391d832910a8a1715e5dc48d1ab5ef630
- SHA512
  
  b8ff1cf30694aab6b11452345379c06461ec894cadcf6074c433262b433eef803c093538de934a48765ce583e26ceed558c0a372a2ffbede39c211ef64233aa1
- SSDEEP
  
  12288:PMrny903EZOJTBQxALI6NUpj5gpfH8aJS8XTb0dd0hn:UybYl+eM6NBfH9JS8X44
Score

10^/10

redline fusa infostealer persistence spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinefusainfostealerpersistencespywarestealer