General

  • Target

    c14b796c2475b8e66ca11a068b7c23422b944e52b04e3d2e3b468e654f4f574dN

  • Size

    480KB

  • Sample

    241109-15xl6stdka

  • MD5

    a7d5193c3692beb62bf38fd4af3c2680

  • SHA1

    ab1755cf44cd9fbfeaf0f99244190fb3e43d0299

  • SHA256

    c14b796c2475b8e66ca11a068b7c23422b944e52b04e3d2e3b468e654f4f574d

  • SHA512

    7761658a7ef09bef0c94ab8c931b7e497fa84d41c7b75af1f9fb91981ccc3bde5e46b7c11771aaa08cb5a5f7663feb98d2fc2e4b30998835698bfb860e8a0fe4

  • SSDEEP

    12288:FMrRy90OwVBaR4zAaEKAnR42KRQEa9jJS/q:QyV6s3aEBna2KmEUJSy

Malware Config

Extracted

Family

redline

Botnet

fuka

C2

193.233.20.11:4131

Attributes
  • auth_value

    90eef520554ef188793d77ecc34217bf

Targets

    • Target

      c14b796c2475b8e66ca11a068b7c23422b944e52b04e3d2e3b468e654f4f574dN

    • Size

      480KB

    • MD5

      a7d5193c3692beb62bf38fd4af3c2680

    • SHA1

      ab1755cf44cd9fbfeaf0f99244190fb3e43d0299

    • SHA256

      c14b796c2475b8e66ca11a068b7c23422b944e52b04e3d2e3b468e654f4f574d

    • SHA512

      7761658a7ef09bef0c94ab8c931b7e497fa84d41c7b75af1f9fb91981ccc3bde5e46b7c11771aaa08cb5a5f7663feb98d2fc2e4b30998835698bfb860e8a0fe4

    • SSDEEP

      12288:FMrRy90OwVBaR4zAaEKAnR42KRQEa9jJS/q:QyV6s3aEBna2KmEUJSy

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks