General

  • Target

    d3dfcb317c9ec8646cc32987533425de2ead7624c443ce146c5ce1d02b1e2110

  • Size

    478KB

  • Sample

    241109-tv7wtswrfs

  • MD5

    a9d073500026bfee292d3b09378e554b

  • SHA1

    3f20ef570222055a9cec769b6b98dbbcf469fbb0

  • SHA256

    d3dfcb317c9ec8646cc32987533425de2ead7624c443ce146c5ce1d02b1e2110

  • SHA512

    add4f01595ea1b9f89138dc53f15d363cb8fb4fe385fa1f7e178f8c81976d0f0d71bfd8432b623685f4b7c95a81635853a78f900a440d0363b678dbc8c8fcf52

  • SSDEEP

    12288:oMr7y90D8+1/Wm1YayXSvWcIyHXLIrwoSD:Dy4/j2RSvWcpHXUrvSD

Malware Config

Extracted

  • Family

    redline

  • Botnet

    fusa

  • C2

    193.233.20.12:4132

  • Attributes

    auth_value: a08b2f01bd2af756e38c5dd60e87e697

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application
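The report gives three things a responder can act on immediately: the sample hashes, the extracted C2 endpoint, and the persistence behaviour (a Run key pointing at a dropped executable). The following is an added example, not part of the sandbox report and not Triage or RedLine code, showing how to turn those into checks over local evidence. The flow records and Sysmon lines are constructed for illustration; only the hashes, the C2 address and the auth_value are taken from the report. The C2 address is a point-in-time indicator (RedLine infrastructure rotates), so the hash and Run-key checks are the durable part.

```python
"""Triage the extracted RedLine indicators from the report above against
local artifacts: file hashes, network flows and registry autostart events.
Added example; the log lines are constructed, the indicators come from the
report."""
import hashlib
import re

# Indicators lifted verbatim from the report.
SAMPLE_HASHES = {
    "md5": "a9d073500026bfee292d3b09378e554b",
    "sha1": "3f20ef570222055a9cec769b6b98dbbcf469fbb0",
    "sha256": "d3dfcb317c9ec8646cc32987533425de2ead7624c443ce146c5ce1d02b1e2110",
}
C2_HOST, C2_PORT = "193.233.20.12", 4132
# Kept as a constant for clustering other config extractions against this one.
AUTH_VALUE = "a08b2f01bd2af756e38c5dd60e87e697"

# Matches Run and RunOnce under either HKLM\Software or HKU\<SID>\Software.
RUN_KEY_RE = re.compile(
    r"\\(?:Software\\)?Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\",
    re.IGNORECASE,
)

# Constructed sample data (not from the report).
FLOW_LOG = [
    "2024-11-09T19:02:11Z 10.0.0.23:51442 -> 193.233.20.12:4132 TCP SYN",
    "2024-11-09T19:02:12Z 10.0.0.23:51443 -> 142.250.74.46:443 TCP SYN",
    "2024-11-09T19:02:30Z 10.0.0.23:51450 -> 193.233.20.120:4132 TCP SYN",
]
SYSMON_LOG = [
    "EventID=13 Image=C:\\Users\\victim\\AppData\\Roaming\\svchost.exe "
    "TargetObject=HKU\\S-1-5-21-1111\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater "
    "Details=C:\\Users\\victim\\AppData\\Roaming\\svchost.exe",
    "EventID=13 Image=C:\\Windows\\explorer.exe "
    "TargetObject=HKU\\S-1-5-21-1111\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden "
    "Details=DWORD (0x00000001)",
    "EventID=1 Image=C:\\Users\\victim\\Downloads\\invoice.exe CommandLine=invoice.exe",
]


def file_hashes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 of a byte string, keyed like the report's fields."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_sample(data: bytes, known: dict = SAMPLE_HASHES) -> bool:
    """True if any computed hash equals the corresponding known hash.
    SHA-256 alone is sufficient; MD5/SHA-1 are kept because feeds still publish them."""
    computed = file_hashes(data)
    return any(computed[k] == v.lower() for k, v in known.items())


def find_c2_flows(lines, host: str = C2_HOST, port: int = C2_PORT) -> list:
    """Return flow records that connect to exactly host:port.
    The word boundaries stop 193.233.20.120 from matching 193.233.20.12."""
    pattern = re.compile(rf"\b{re.escape(host)}:{port}\b")
    return [ln for ln in lines if pattern.search(ln)]


def find_run_key_writes(sysmon_lines) -> list:
    """Flag Sysmon Event 13 (registry value set) lines whose target is a Run key,
    i.e. the 'Adds Run key to start application' behaviour from the report."""
    return [ln for ln in sysmon_lines
            if "EventID=13" in ln and RUN_KEY_RE.search(ln)]


def triage(data: bytes, flows, sysmon) -> dict:
    """Bundle the three checks into one verdict for a host under investigation."""
    return {
        "hash_match": matches_sample(data),
        "c2_flows": find_c2_flows(flows),
        "run_key_writes": find_run_key_writes(sysmon),
    }


if __name__ == "__main__":
    # A placeholder payload; a real run would read the suspect file's bytes.
    for key, value in triage(b"not the sample", FLOW_LOG, SYSMON_LOG).items():
        print(key, value)
```

Feed `triage()` the suspect file's bytes and the host's flow and Sysmon exports; a hash hit confirms the exact sample, a Run-key hit catches the persistence even after the operator has moved the C2.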

MITRE ATT&CK Enterprise v15

Tasks