General

  • Target

    de1d33675a6408b562c3464db13576b96ae2095ce00d5e5508c3dd3ead771dab

  • Size

    472KB

  • Sample

    241109-1962eatejr

  • MD5

    4520a1a0cdc07c2528a1ee753cd04887

  • SHA1

    8309bc57ab12abb70308ea495d6c8992bce91d64

  • SHA256

    de1d33675a6408b562c3464db13576b96ae2095ce00d5e5508c3dd3ead771dab

  • SHA512

    d0180e3cf84f7d4e6c4f97d31fa89c8262dea4b38c6c01ea1e83deeeec592ebf316d07aea3e35ef02210eea3aaa44e09c05e1c95989831fc96555baee7d9fd1f

  • SSDEEP

    12288:hMrfy90AQapyPxVM9Q5D1UahrBobCvEmqADd1Z:ayRRp4VOQ5hUurBFP

Malware Config

Extracted

Family

redline

Botnet

fusa

C2

193.233.20.12:4132

Attributes

  • auth_value

    a08b2f01bd2af756e38c5dd60e87e697

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks