General

  • Target

    d0127a58d02fa1f340b62297df88a730b7db1199955aea293477a1ebb8393ba4

  • Size

    478KB

  • Sample

    241109-t1zgmsxhkc

  • MD5

    73d04fea75ce60a3bf9e9bd4701684f8

  • SHA1

    0a1b6801a5bbb61c0f7c8af168f396448babe95a

  • SHA256

    d0127a58d02fa1f340b62297df88a730b7db1199955aea293477a1ebb8393ba4

  • SHA512

    77759b53514c47656655e2dcc9f9e6ee91da3c09b7fef8d4dcd0575f743f319c6cadd2586b6fe1339258e5393eed0eaa4d6ff19ebfd70a845f3af5448e2c50f2

  • SSDEEP

    12288:yMrhy90I3Al1FvmVYg6J1b2dqS2HfmlwlaXnKDLG:zyerFeVEfb2d9MeC2KW

Malware Config

Extracted

Family

redline

Botnet

fusa

C2

193.233.20.12:4132

Attributes

  • auth_value

    a08b2f01bd2af756e38c5dd60e87e697

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15