General

  • Target

    dbefd1c534c5fc36e80fd262da4e64e26d54f05a7d00b4a73af6e15440660f35

  • Size

    539KB

  • Sample

    241109-1dkhjasfrb

  • MD5

    1b667763a7c7952d68a0f5afa3d8ca4b

  • SHA1

    2dc28e83644a0c890fd4180ee18799977a076a83

  • SHA256

    dbefd1c534c5fc36e80fd262da4e64e26d54f05a7d00b4a73af6e15440660f35

  • SHA512

    f2914bc4a765b6a3c81ac1be1d3878fe8b0cfa437587e0234079a4196bc9295fdb7319663b48a96b23352683ed7b94cbf57a89615c0f9e2af9e2240a4ac7552d

  • SSDEEP

    12288:SMrFy90u6Fr/eP2idIPg0mQ6wa3d82pS9hYd/kt8LMA:Lyi9GuidAg0mZwa3d8kAV0R

Malware Config

Extracted

Family

redline

Botnet

fuka

C2

193.233.20.11:4131

Attributes

  • auth_value

    90eef520554ef188793d77ecc34217bf

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application
