General

  • Target

    c2859dbd43ab403b1a1d3f542e1c2bc90a0f68825991bb69e8e163bce2cf8a2c

  • Size

    795KB

  • Sample

    241109-wqgvysskgm

  • MD5

    1d085a6d069495074b4f5a3e0bef98e3

  • SHA1

    acfe5565e52859de7d3daf15c24705e985d223d6

  • SHA256

    c2859dbd43ab403b1a1d3f542e1c2bc90a0f68825991bb69e8e163bce2cf8a2c

  • SHA512

    ba8056e1587e4fa77f92d74039b99f28f306f6ec8efe1b04d2896a247976f961ea07d8e3f941ebf46848d8d61d2cd647175d93ef3643031695211919df82060e

  • SSDEEP

    24576:RyQyXL7nWoTr88ztHI3QKvlWvuv+4b76N:EQyPnWoTr88zxKbN

Malware Config

Extracted

Family

redline

Botnet

fusa

C2

193.233.20.12:4132

Attributes
  • auth_value

    a08b2f01bd2af756e38c5dd60e87e697

Targets

    • Target

      c2859dbd43ab403b1a1d3f542e1c2bc90a0f68825991bb69e8e163bce2cf8a2c

    • Size

      795KB

    • MD5

      1d085a6d069495074b4f5a3e0bef98e3

    • SHA1

      acfe5565e52859de7d3daf15c24705e985d223d6

    • SHA256

      c2859dbd43ab403b1a1d3f542e1c2bc90a0f68825991bb69e8e163bce2cf8a2c

    • SHA512

      ba8056e1587e4fa77f92d74039b99f28f306f6ec8efe1b04d2896a247976f961ea07d8e3f941ebf46848d8d61d2cd647175d93ef3643031695211919df82060e

    • SSDEEP

      24576:RyQyXL7nWoTr88ztHI3QKvlWvuv+4b76N:EQyPnWoTr88zxKbN

    • RedLine

      RedLine Stealer is an information-stealing malware family written in C#, first appearing in early 2020. It harvests saved browser credentials, cookies, and cryptocurrency wallet data from the infected host and reports to the C2 address carried in its embedded configuration (see the extracted config above: botnet "fusa", C2 193.233.20.12:4132).

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application
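The indicators above (the sample hashes, the extracted C2, and the Run-key persistence behaviour) can be turned into offline checks a responder runs against their own artefacts. The following is an added example and is not part of the sandbox report; the Zeek conn.log excerpt and the registry Run entries it scans are constructed here for illustration, and the "Updater" value name and AppData path are hypothetical, since the report does not state which Run value or file path the sample writes.

```python
"""Added example, not part of the sandbox report: offline checks built from the
report's indicators (sample hashes, extracted RedLine C2, Run-key persistence)."""
import hashlib
import re

# Indicators copied verbatim from the report above.
SAMPLE_HASHES = {
    "md5": "1d085a6d069495074b4f5a3e0bef98e3",
    "sha1": "acfe5565e52859de7d3daf15c24705e985d223d6",
    "sha256": "c2859dbd43ab403b1a1d3f542e1c2bc90a0f68825991bb69e8e163bce2cf8a2c",
}
REDLINE_CONFIG = {
    "family": "redline",
    "botnet": "fusa",
    "c2": "193.233.20.12:4132",
    "auth_value": "a08b2f01bd2af756e38c5dd60e87e697",
}

# Constructed Zeek conn.log excerpt (tab-separated, '#fields' header). Only the
# first flow targets the extracted C2 host AND port; the third hits the same
# host on 443 and must not be reported as a config match.
CONSTRUCTED_CONN_LOG = "\n".join([
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto",
    "1731139200.0\tCabc1\t10.0.0.5\t49812\t193.233.20.12\t4132\ttcp",
    "1731139201.0\tCabc2\t10.0.0.5\t49813\t142.250.74.78\t443\ttcp",
    "1731139202.0\tCabc3\t10.0.0.7\t49814\t193.233.20.12\t443\ttcp",
])

# Constructed (key, value name, command) tuples as a registry export would give.
# The "Updater" entry is hypothetical; the report does not name the Run value.
CONSTRUCTED_RUN_ENTRIES = [
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "OneDrive",
     r"C:\Program Files\Microsoft OneDrive\OneDrive.exe /background"),
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "Updater",
     r"C:\Users\alice\AppData\Roaming\svc\updater.exe"),
]

# Directories an unprivileged process can write to; a dropped EXE started from
# a Run key normally lives in one of these rather than under Program Files.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|ProgramData|Downloads)\\", re.IGNORECASE)


def hash_matches(data: bytes) -> list:
    """Names of the report's hashes that match the given bytes.
    SHA-256 alone is decisive; MD5/SHA-1 are kept for feeds that only carry those."""
    return [algo for algo, expected in SAMPLE_HASHES.items()
            if hashlib.new(algo, data).hexdigest() == expected]


def c2_endpoint(config: dict) -> tuple:
    """Split the extracted 'host:port' C2 string into (host, port)."""
    host, port = config["c2"].rsplit(":", 1)
    return host, int(port)


def find_c2_connections(conn_log: str, config: dict = REDLINE_CONFIG) -> list:
    """Flows in a Zeek conn.log excerpt whose responder is the extracted C2.
    Host and port must both match: the host may serve unrelated ports, and the
    port alone is too noisy to alert on."""
    host, port = c2_endpoint(config)
    fields, hits = None, []
    for line in conn_log.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        rec = dict(zip(fields, line.split("\t")))
        if rec.get("id.resp_h") == host and rec.get("id.resp_p") == str(port):
            hits.append(rec)
    return hits


def suspicious_run_entries(entries: list) -> list:
    """Run/RunOnce values whose command points into a user-writable directory,
    which is what 'Adds Run key to start application' on a dropped EXE looks like."""
    flagged = []
    for key, name, command in entries:
        if not key.lower().endswith(("\\run", "\\runonce")):
            continue
        if USER_WRITABLE.search(command):
            flagged.append((key, name, command))
    return flagged


if __name__ == "__main__":
    print("C2 endpoint:", c2_endpoint(REDLINE_CONFIG))
    for rec in find_c2_connections(CONSTRUCTED_CONN_LOG):
        print("C2 flow:", rec["uid"], rec["id.orig_h"], "->", rec["id.resp_h"], rec["id.resp_p"])
    for key, name, command in suspicious_run_entries(CONSTRUCTED_RUN_ENTRIES):
        print("Suspicious Run value:", key, name, command)
```

To use this against real data, read the candidate file's bytes into hash_matches, feed a real conn.log to find_c2_connections, and build the Run-entry tuples from a `reg export` or from Sysmon Event ID 13 records. Match on SHA-256 rather than the SSDEEP value when you need certainty; the fuzzy hash is for finding repacked siblings, not for attribution.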

MITRE ATT&CK Enterprise v15

Tasks