General

  • Target

    55d3148d1e390adf9241bb4ee646ce7aa5127f127ea3b74a2c7ded9b278c3ce6

  • Size

    477KB

  • Sample

    241109-s5vhtaxdrn

  • MD5

    3e335a80d69176a7af41f390291240d4

  • SHA1

    91289c92c46f5890fec464d9eb6f29df2c4a8fee

  • SHA256

    55d3148d1e390adf9241bb4ee646ce7aa5127f127ea3b74a2c7ded9b278c3ce6

  • SHA512

    c4417dc90dc6c33d86d28c1e472ba02c75103763d28ace4d3ce7861b97338f66d2235134cf494d80978c9b1d53b68ad7cd2a82f629e7a76b6e65a0bece09c5f8

  • SSDEEP

    12288:1Mrly90IZ1WGR4nF3026GNVJnIhHDFJCHh4gt:8yv1EnF3026UVJnUIh4gt

Malware Config

Extracted

Family

redline

Botnet

fusa

C2

193.233.20.12:4132

Attributes

  • auth_value

    a08b2f01bd2af756e38c5dd60e87e697

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks