General

  • Target

    9e0caa6e2ae8fa6ab12871aea37c7770c2624b27b1f78fb5fcac762b87319d3f

  • Size

    477KB

  • Sample

    241108-j9zhwszakq

  • MD5

    b6838befd6febc78be2046e6d28b0e39

  • SHA1

    9d5f31196eab19df8d8b8483b44b345017e230b4

  • SHA256

    9e0caa6e2ae8fa6ab12871aea37c7770c2624b27b1f78fb5fcac762b87319d3f

  • SHA512

    ebb32ff8c8c01900d0f16f23e7065a72baedb7f9c31ca216d3fde3fcd7e0eaa0438d4fd20749839bc7b7ca007d55cfab26edc975e205b027c4b05ff4bb3a2205

  • SSDEEP

    12288:9Mrhy90+qD18VFsyINOs8dHiTjNQJcIqmp:YyUDuVhg8yjNYc0

Malware Config

Extracted

  • Family

    redline

  • Botnet

    fukia

  • C2

    193.233.20.13:4136

  • Attributes

    auth_value: e5783636fbd9e4f0cf9a017bce02e67e

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks