General

  • Target

    973a0541a156db21362c70f5e2c514f7b9069dc08080f84e3c7d90a47e6dbf52

  • Size

    474KB

  • Sample

    241109-vydb3ayflr

  • MD5

    fca481a1e78d29fceb9ed4ae0ca301fc

  • SHA1

    235476518220dcdd3f889759e82acc0c225092d2

  • SHA256

    973a0541a156db21362c70f5e2c514f7b9069dc08080f84e3c7d90a47e6dbf52

  • SHA512

    ff287193926b71cd23ddc5f135c34db2538d020f09e4200cd4ea05040250680c18feb9c33371948dbb5b1374225bf3f682d59010b595134d2f928d5b599b1b6f

  • SSDEEP

    6144:KKy+bnr+6p0yN90QEvKBcM/9SpL8kEymWa5Sx9iO/9Ld5zMybehvXJ3Z42vl/w+8:mMrqy90eJspXmW2oI8dKXJ35lrUw0hT

Malware Config

  • Extracted

    Family: redline

    Botnet: fusa

    C2: 193.233.20.12:4132

  • Attributes

    auth_value: a08b2f01bd2af756e38c5dd60e87e697

Targets

    • Target

      973a0541a156db21362c70f5e2c514f7b9069dc08080f84e3c7d90a47e6dbf52

    • Size

      474KB

    • MD5

      fca481a1e78d29fceb9ed4ae0ca301fc

    • SHA1

      235476518220dcdd3f889759e82acc0c225092d2

    • SHA256

      973a0541a156db21362c70f5e2c514f7b9069dc08080f84e3c7d90a47e6dbf52

    • SHA512

      ff287193926b71cd23ddc5f135c34db2538d020f09e4200cd4ea05040250680c18feb9c33371948dbb5b1374225bf3f682d59010b595134d2f928d5b599b1b6f

    • SSDEEP

      6144:KKy+bnr+6p0yN90QEvKBcM/9SpL8kEymWa5Sx9iO/9Ld5zMybehvXJ3Z42vl/w+8:mMrqy90eJspXmW2oI8dKXJ35lrUw0hT

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks