General

  • Target

    b5c7b70ac67f0424726c9223e0b2e850953e09ce3d9d169c8d2d46c2048daf97

  • Size

    529KB

  • Sample

    241108-cavbkasflh

  • MD5

    d7bb0dea86dd75609eb37e6d42f74f19

  • SHA1

    0c55b6057e1acf5f38aa9735e04e248317b04a2c

  • SHA256

    b5c7b70ac67f0424726c9223e0b2e850953e09ce3d9d169c8d2d46c2048daf97

  • SHA512

    a29b741e3bfb962692f9ca838f951e111894279f20007e399c79205e0971456693805c7e92d0f5a0e394e879076bc17b0ea787434368d9377e973ff07d1f5ffd

  • SSDEEP

    12288:R1eptFyNcfPDMziOl3J2e65nIZR65uq2WNNuTT4Ql2qav5QkS:R1IFdnDDOl3J2e6+ZR65EWPoT4QZ5

Malware Config

Extracted

  • Family

    redline

  • Botnet

    fukia

  • C2

    193.233.20.13:4136

  • Attributes

    auth_value: e5783636fbd9e4f0cf9a017bce02e67e
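The file hashes listed in this report and the C2 address in the extracted config are its actionable indicators. The following is an added example, not part of the sandbox report or its tooling: it carries those indicators as constants and matches file digests and connection-log lines against them. The flow-log format, the sample lines and the "not the sample" bytes are constructed for the demonstration; only the hashes and the C2 come from the report.

```python
"""Match files and connection logs against the indicators in this report.

Added example, not part of the sandbox report. The digests and the C2 are
copied from the report; the flow-log format and the sample lines are
constructed for the demonstration.
"""
import hashlib
import re

# File hashes listed in the report (the 529KB sample and the 580KB target).
KNOWN_HASHES = {
    "md5": {
        "d7bb0dea86dd75609eb37e6d42f74f19",
        "b54a14ce7774a7cd6b6bdd7c49c28e7f",
    },
    "sha1": {
        "0c55b6057e1acf5f38aa9735e04e248317b04a2c",
        "f53bdb3899ac62a2364e79edada2d65dc078900b",
    },
    "sha256": {
        "b5c7b70ac67f0424726c9223e0b2e850953e09ce3d9d169c8d2d46c2048daf97",
        "275db2bbbd631acf176a14e1830ef2c2bd6037b888b17a291aeb38d4810b0648",
    },
}

# C2 from the extracted RedLine config.
C2_HOST = "193.233.20.13"
C2_PORT = 4136

DIGESTS = ("md5", "sha1", "sha256")


def hash_bytes(data: bytes) -> dict:
    """Digests of an in-memory blob, keyed by algorithm name."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in DIGESTS}


def hash_file(path: str, chunk: int = 1 << 20) -> dict:
    """Same digests, streamed from disk so large files need not fit in memory."""
    hs = {algo: hashlib.new(algo) for algo in DIGESTS}
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            for h in hs.values():
                h.update(block)
    return {algo: h.hexdigest() for algo, h in hs.items()}


def match_hashes(digests: dict) -> list:
    """Algorithms whose digest equals one of the report's hashes (case-insensitive)."""
    return sorted(algo for algo, value in digests.items()
                  if value.lower() in KNOWN_HASHES.get(algo, set()))


# Constructed flow-log format: "<timestamp> <src>:<sport> -> <dst>:<dport> <proto>".
FLOW_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>[^\s:]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[^\s:]+):(?P<dport>\d+)"
)


def match_flows(lines) -> list:
    """Flag connections to the C2.

    Returns (level, timestamp, source) tuples: "c2" for the exact host:port
    from the config, "c2-host" for the same host on another port, which is
    worth a look because the operator may rotate ports.
    """
    hits = []
    for line in lines:
        m = FLOW_RE.match(line)
        if not m or m["dst"] != C2_HOST:
            continue
        level = "c2" if int(m["dport"]) == C2_PORT else "c2-host"
        hits.append((level, m["ts"], f"{m['src']}:{m['sport']}"))
    return hits


# Constructed sample lines; only the C2 address is real.
SAMPLE_FLOWS = [
    "2024-11-08T10:00:01Z 10.0.0.5:51234 -> 193.233.20.13:4136 tcp",
    "2024-11-08T10:00:02Z 10.0.0.5:51235 -> 142.250.74.46:443 tcp",
    "2024-11-08T10:00:03Z 10.0.0.7:51236 -> 193.233.20.13:80 tcp",
]

if __name__ == "__main__":
    print(match_hashes(hash_bytes(b"not the sample")))                # []
    print(match_hashes({"md5": "d7bb0dea86dd75609eb37e6d42f74f19"}))  # ['md5']
    for hit in match_flows(SAMPLE_FLOWS):
        print(*hit)
```

Hash matching only catches these exact two files; a repacked build of the same stealer will not match, which is why the C2 and the SSDEEP values are the longer-lived indicators. Feed `hash_file` the path of a suspect binary and `match_flows` your own connection records after adapting `FLOW_RE` to their format.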

Targets

    • Target

      275db2bbbd631acf176a14e1830ef2c2bd6037b888b17a291aeb38d4810b0648.exe

    • Size

      580KB

    • MD5

      b54a14ce7774a7cd6b6bdd7c49c28e7f

    • SHA1

      f53bdb3899ac62a2364e79edada2d65dc078900b

    • SHA256

      275db2bbbd631acf176a14e1830ef2c2bd6037b888b17a291aeb38d4810b0648

    • SHA512

      8f0943c80f6e54744a221a88ce836f2e1fcd7ac45313bdfa4245bf1dea5c206b2cc3a1b055e231ca19b51f7551d266b9a7f7ec668b7deea16adb61eba6add192

    • SSDEEP

      12288:aMrhy90YZXgtVelIPsfXanZmwNE0W0ZI/FC/UXkUmGas6za99Q:HyzZXoVDPsvanZm70tGOikUmJl

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application
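The last two signatures, "Executes dropped EXE" and "Adds Run key to start application", are the usual stealer persistence: the dropped binary registers itself under a Run key so it starts again at logon. The report does not say which key, value name or path was used, so the following added example (not from the report or the sandbox vendor) generalises the check: on a Windows host it reads the Run and RunOnce keys, elsewhere it takes a list of entries, and it flags the patterns a responder looks for. The value names and paths in the sample entries are constructed and are not taken from the sample.

```python
"""Triage Run-key autostart entries for the patterns a dropped stealer leaves.

Added example, not from the sandbox report. The sample entries are
constructed; the heuristics are generic and not specific to this sample.
"""
import sys

RUN_KEYS = [
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Run"),
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\RunOnce"),
    ("HKLM", r"Software\Microsoft\Windows\CurrentVersion\Run"),
    ("HKLM", r"Software\Microsoft\Windows\CurrentVersion\RunOnce"),
]

# Locations a dropper can write without elevation; an autostart pointing
# here is not proof of anything, but it is where dropped EXEs usually land.
SUSPICIOUS_DIRS = (
    "\\appdata\\local\\temp\\",
    "\\users\\public\\",
    "\\programdata\\",
    "\\windows\\temp\\",
)
# Script hosts and LOLBins that malware uses to launch a payload indirectly.
LAUNCHERS = {"wscript.exe", "cscript.exe", "mshta.exe", "rundll32.exe",
             "regsvr32.exe", "powershell.exe", "cmd.exe"}
# Names of core system binaries; legitimate copies live under %SystemRoot%.
SYSTEM_NAMES = {"svchost.exe", "explorer.exe", "lsass.exe", "csrss.exe",
                "winlogon.exe", "services.exe"}


def executable_from_command(cmd: str) -> str:
    """Program path from a Run value: the quoted part, or the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def triage_entry(hive: str, key: str, name: str, cmd: str) -> dict:
    """Apply the heuristics to one (hive, key, value name, command) entry."""
    exe = executable_from_command(cmd)
    exe_low = exe.lower().replace("/", "\\")
    base = exe_low.rsplit("\\", 1)[-1]
    cmd_low = cmd.lower().replace("/", "\\")
    reasons = []
    if any(d in cmd_low for d in SUSPICIOUS_DIRS):
        reasons.append("path in a user-writable directory")
    if base in SYSTEM_NAMES and not exe_low.startswith(
            ("c:\\windows\\", "%systemroot%\\", "%windir%\\")):
        reasons.append("system-binary name outside the Windows directory")
    if base in LAUNCHERS:
        reasons.append("script host / LOLBin launcher")
    return {"hive": hive, "key": key, "name": name, "command": cmd,
            "exe": exe, "reasons": reasons}


def triage_entries(entries) -> list:
    return [triage_entry(*e) for e in entries]


def collect_run_entries() -> list:
    """Read the real Run/RunOnce keys (Windows only); returns [] elsewhere."""
    if sys.platform != "win32":
        return []
    import winreg
    hives = {"HKCU": winreg.HKEY_CURRENT_USER, "HKLM": winreg.HKEY_LOCAL_MACHINE}
    out = []
    for hive, key in RUN_KEYS:
        try:
            with winreg.OpenKey(hives[hive], key) as k:
                i = 0
                while True:
                    try:
                        name, value, _ = winreg.EnumValue(k, i)
                    except OSError:          # no more values
                        break
                    out.append((hive, key, name, str(value)))
                    i += 1
        except OSError:                      # key absent or access denied
            continue
    return out


# Constructed entries: two benign, two showing the dropped-EXE pattern.
SAMPLE_ENTRIES = [
    ("HKCU", RUN_KEYS[0][1], "OneDrive",
     r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    ("HKCU", RUN_KEYS[0][1], "Updater",
     r'C:\Users\alice\AppData\Local\Temp\svchost.exe'),
    ("HKLM", RUN_KEYS[2][1], "SecurityHealth",
     r'C:\Windows\System32\SecurityHealthSystray.exe'),
    ("HKCU", RUN_KEYS[0][1], "Load",
     r'wscript.exe //B "C:\Users\Public\run.vbs"'),
]

if __name__ == "__main__":
    entries = collect_run_entries() or SAMPLE_ENTRIES
    for e in triage_entries(entries):
        if e["reasons"]:
            print(f'{e["hive"]}\\{e["key"]}\\{e["name"]}: {e["command"]}')
            for r in e["reasons"]:
                print("   -", r)
```

Treat hits as a triage queue, not a verdict: legitimate software also autostarts from user profiles, and a sample can equally choose a benign-looking name and a path outside these directories. The check above does not cover the WOW6432Node Run keys, the Winlogon Shell/Userinit values or the Startup folder, which the same family of techniques also uses.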

MITRE ATT&CK Enterprise v15

Tasks