General

  • Target

    f8880a8773a3bf732e6e4fde99a69f536ef017ab60e7c77df89eba87f00018e4

  • Size

    480KB

  • Sample

    241108-axavbs1emk

  • MD5

    ccaa709f2fef3dfdd79e6c72535966c9

  • SHA1

    91f88f6774d93da15d6e64572f6e1767c0e85285

  • SHA256

    f8880a8773a3bf732e6e4fde99a69f536ef017ab60e7c77df89eba87f00018e4

  • SHA512

    3b91bb630399fcb8a11b3320818e21388d8c90beaff54bf782a0fd97877b8907a65173b515097b094c2641c0bdb37ad1d29a0f6c799e7bf69fd4c1d1f29d3eda

  • SSDEEP

    12288:LMrfy90ogIjVS79bg6ifVO9zpfr9zo13u+d:QytpVCCIdRM1++d

Malware Config

Extracted

  • Family

    redline

  • Botnet

    fukia

  • C2

    193.233.20.13:4136

  • Attributes

    auth_value: e5783636fbd9e4f0cf9a017bce02e67e

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks