General

  • Target

    8ba814629b90efaeb2dada725a6de946f2087256d5ad47e8479c1cd3b17ec291

  • Size

    550KB

  • Sample

    241109-v2edjayfrk

  • MD5

    1fdfe465113edf0177a3e6e2cd8bb71e

  • SHA1

    d656fc22ad65023fdc4a8e16e5909cb5f815e06e

  • SHA256

    8ba814629b90efaeb2dada725a6de946f2087256d5ad47e8479c1cd3b17ec291

  • SHA512

    561e79a464a94836578b6fc50a6ee28037032b1d4b53757a1806b19b62365fded73944b710e981e45a82df637845b10313664ebcc14b6c5b9fe60a267ecc8d0f

  • SSDEEP

    12288:jMrYy90dnPPjzQOs9wWiMaKALa7qqVk1fsKocr++c3vWg:Ty4HjzQOs9q7O7qvocGWg

Malware Config

Extracted

  • Family

    redline

  • Botnet

    fusa

  • C2

    193.233.20.12:4132

  • Attributes

    • auth_value

      a08b2f01bd2af756e38c5dd60e87e697

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks