redline | fc458371368ddd5d1cca2954a55ee367c048c8c8bd936d3cd2deceec2fed81b4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fc458371368ddd5d1cca2954a55ee367c048c8c8bd936d3cd2deceec2fed81b4
Size

472KB
Sample

230212-pm674sdh58
MD5

48e6a8f6455468fdee319f8805cbcabf
SHA1

dd919127c4dbb7e0f050f810c31b55a3b0f9bd37
SHA256

fc458371368ddd5d1cca2954a55ee367c048c8c8bd936d3cd2deceec2fed81b4
SHA512

a915666a265a5acb5965a118e38aeec02091c94920b28ac990ad5a45ef0155931a6bbb41c8521148ad2001ed502bd7e36865196ed23145da914e8835bcc83186
SSDEEP

6144:KMy+bnr+2p0yN90QEdXdT6VBouFo+yWkywF4+v54ObjdMTxrf1ZtlxL0y/CAgvv/:8Mrey90zh6VC++QObjUrffJTCju0Dv

Score

10^/10

redline fusa infostealer persistence spyware stealer

Malware Config

Extracted

Family

redline

Botnet

fusa

C2

193.233.20.12:4132

Attributes

auth_value
a08b2f01bd2af756e38c5dd60e87e697

Targets

- Target
  
  fc458371368ddd5d1cca2954a55ee367c048c8c8bd936d3cd2deceec2fed81b4
- Size
  
  472KB
- MD5
  
  48e6a8f6455468fdee319f8805cbcabf
- SHA1
  
  dd919127c4dbb7e0f050f810c31b55a3b0f9bd37
- SHA256
  
  fc458371368ddd5d1cca2954a55ee367c048c8c8bd936d3cd2deceec2fed81b4
- SHA512
  
  a915666a265a5acb5965a118e38aeec02091c94920b28ac990ad5a45ef0155931a6bbb41c8521148ad2001ed502bd7e36865196ed23145da914e8835bcc83186
- SSDEEP
  
  6144:KMy+bnr+2p0yN90QEdXdT6VBouFo+yWkywF4+v54ObjdMTxrf1ZtlxL0y/CAgvv/:8Mrey90zh6VC++QObjUrffJTCju0Dv
Score

10^/10

redline fusa infostealer persistence spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinefusainfostealerpersistencespywarestealer