General

  • Target

    8081a741e0ebfae0838856e02345cf8d7c6bdcf00dc13a5398e61efc7e6e071a

  • Size

    550KB

  • Sample

    241109-xn4sdazfjh

  • MD5

    8e45c0846f8a9eaf91f4684c73f4bf33

  • SHA1

    44735637d90bd7a3695958861f56679861d4428f

  • SHA256

    8081a741e0ebfae0838856e02345cf8d7c6bdcf00dc13a5398e61efc7e6e071a

  • SHA512

    7b52b4fe84e7158c7d2b762b33e75c1794e8e865a3ddd2aa57b9e9bee8db0af17bd7db3aca7842df65b5d0b461c4e8790d8b3b7565de60412d458575fce709ad

  • SSDEEP

    12288:PMrky90/LzzIa78nP+cYIqG0fW9RLgWA08Cl90dP2pWX+0lCy9oyX:fy0LzGP+R29oZWKd2YX3N9J

Malware Config

Extracted

Family

redline

Botnet

fusa

C2

193.233.20.12:4132

Attributes
  • auth_value

    a08b2f01bd2af756e38c5dd60e87e697
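The extracted config and the hashes above are the indicators an analyst would actually pivot on. The script below is an added example, not part of the Triage report: it loads those values into an IOC set, recomputes the four digests the report lists so a suspect file can be checked against them, and scans connection-log lines for traffic to the extracted C2. The connection-log line format, the helper names and the sample log lines are assumptions made for the demo; only the hash and C2 values come from the report.

```python
# Added example (not part of the Triage report): match files and connection
# logs against the IOCs extracted above. Log format and helper names are
# assumptions; hash and C2 values are taken from the report.
import hashlib
import re
from typing import Dict, Iterable, List, Set

# Indicators copied from the report above.
IOCS = {
    "md5": "8e45c0846f8a9eaf91f4684c73f4bf33",
    "sha1": "44735637d90bd7a3695958861f56679861d4428f",
    "sha256": "8081a741e0ebfae0838856e02345cf8d7c6bdcf00dc13a5398e61efc7e6e071a",
    "sha512": "7b52b4fe84e7158c7d2b762b33e75c1794e8e865a3ddd2aa57b9e9bee8db0af1"
              "7bd7db3aca7842df65b5d0b461c4e8790d8b3b7565de60412d458575fce709ad",
    "c2_ip": "193.233.20.12",
    "c2_port": 4132,
}
ALGOS = ("md5", "sha1", "sha256", "sha512")


def digest_bytes(data: bytes) -> Dict[str, str]:
    """Compute all four digests the report lists, as lower-case hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGOS}


def digest_file(path: str, chunk: int = 1 << 20) -> Dict[str, str]:
    """Same as digest_bytes, but streams a file in one pass."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matching_hashes(digests: Dict[str, str]) -> Set[str]:
    """Names of the algorithms whose value equals the sample's digest."""
    return {name for name in ALGOS if digests.get(name, "").lower() == IOCS[name]}


# Assumed connection-log format: "<ts> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <proto>"
CONN_RE = re.compile(r"^(\S+)\s+(\S+):(\d+)\s+->\s+(\S+):(\d+)\s+(\S+)$")


def c2_hits(lines: Iterable[str], ip_only: bool = False) -> List[Dict[str, str]]:
    """Return the connections that reach the extracted C2.

    By default only the exact ip:port pair from the config counts; with
    ip_only=True any port on the C2 host is flagged as well.
    """
    hits = []
    for line in lines:
        m = CONN_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        ts, src, sport, dst, dport, proto = m.groups()
        if dst != IOCS["c2_ip"]:
            continue
        if not ip_only and int(dport) != IOCS["c2_port"]:
            continue
        hits.append({"ts": ts, "src": f"{src}:{sport}", "dst": f"{dst}:{dport}", "proto": proto})
    return hits


# Constructed sample log lines for the demo (not captured traffic).
SAMPLE_LOG = [
    "2024-11-09T10:01:02Z 10.0.0.15:49812 -> 193.233.20.12:4132 tcp",
    "2024-11-09T10:01:05Z 10.0.0.15:49813 -> 142.250.74.46:443 tcp",
    "2024-11-09T10:02:40Z 10.0.0.22:51000 -> 193.233.20.12:80 tcp",
    "2024-11-09T10:03:11Z 10.0.0.15:49820 -> 193.233.20.12:4132 tcp",
]

if __name__ == "__main__":
    for hit in c2_hits(SAMPLE_LOG):
        print(hit)
```

Matching on the exact ip:port pair keeps false positives down when the same host serves other traffic; the `ip_only` switch is there for hunting, where any contact with the C2 address is worth a look. For an unknown binary, run `matching_hashes(digest_file(path))`; an empty set means none of the four digests matches this sample.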

Targets

    • Target

      8081a741e0ebfae0838856e02345cf8d7c6bdcf00dc13a5398e61efc7e6e071a

    • Size

      550KB

    • MD5

      8e45c0846f8a9eaf91f4684c73f4bf33

    • SHA1

      44735637d90bd7a3695958861f56679861d4428f

    • SHA256

      8081a741e0ebfae0838856e02345cf8d7c6bdcf00dc13a5398e61efc7e6e071a

    • SHA512

      7b52b4fe84e7158c7d2b762b33e75c1794e8e865a3ddd2aa57b9e9bee8db0af17bd7db3aca7842df65b5d0b461c4e8790d8b3b7565de60412d458575fce709ad

    • SSDEEP

      12288:PMrky90/LzzIa78nP+cYIqG0fW9RLgWA08Cl90dP2pWX+0lCy9oyX:fy0LzGP+R29oZWKd2YX3N9J

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application
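The last two signatures, "Executes dropped EXE" and "Adds Run key to start application", are the behaviours a detection engineer would want to catch on an endpoint. The block below is an added example, not part of the report or of any vendor's rules: it runs two simple detections over constructed Sysmon-style events, pairing a FileCreate (event 11) of an .exe with a later ProcessCreate (event 1) of the same path, and flagging RegistryEvent value sets (event 13) under Run/RunOnce whose data or writing process sits in a user-writable directory. Field names follow Sysmon; the event records, paths and SID are made up for the demo.

```python
# Added example (not from the report): detect "executes dropped EXE" and
# "adds Run key" over constructed Sysmon-style events. Field names follow
# Sysmon (EventID, Image, ParentImage, TargetFilename, TargetObject, Details);
# the records themselves are constructed for the demo.
import re
from typing import Dict, List

RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE)

# Locations a standard user can write to; an autorun pointing here is suspect.
USER_WRITABLE_RE = re.compile(
    r"(\\AppData\\|\\Temp\\|\\Users\\Public\\|\\ProgramData\\|\\Downloads\\)",
    re.IGNORECASE)


def is_user_writable(path: str) -> bool:
    return bool(USER_WRITABLE_RE.search(path))


def run_key_findings(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Event 13 value sets under Run/RunOnce where the value data or the
    writing process lives in a user-writable path."""
    out = []
    for ev in events:
        if ev.get("EventID") != "13":
            continue
        target = ev.get("TargetObject", "")
        if not RUN_KEY_RE.search(target):
            continue
        reasons = []
        if is_user_writable(ev.get("Details", "")):
            reasons.append("run value points into user-writable path")
        if is_user_writable(ev.get("Image", "")):
            reasons.append("written by process in user-writable path")
        if reasons:
            out.append({
                "value": target.rsplit("\\", 1)[-1],
                "data": ev.get("Details", ""),
                "writer": ev.get("Image", ""),
                "reasons": reasons,
            })
    return out


def dropped_exe_findings(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Event 11 creation of an .exe followed (in event order) by event 1
    execution of that same path: the file was written, then run."""
    created: Dict[str, str] = {}  # lower-cased path -> process that wrote it
    out = []
    for ev in events:
        if ev.get("EventID") == "11":
            name = ev.get("TargetFilename", "")
            if name.lower().endswith(".exe"):
                created[name.lower()] = ev.get("Image", "")
        elif ev.get("EventID") == "1":
            image = ev.get("Image", "")
            if image.lower() in created:
                out.append({
                    "dropped": image,
                    "dropper": created[image.lower()],
                    "parent": ev.get("ParentImage", ""),
                })
    return out


# Constructed events in chronological order (not real telemetry).
SAMPLE_EVENTS = [
    {"EventID": "11", "Image": r"C:\Users\alice\Downloads\invoice.exe",
     "TargetFilename": r"C:\Users\alice\AppData\Local\Temp\svchost.exe"},
    {"EventID": "1", "Image": r"C:\Users\alice\AppData\Local\Temp\svchost.exe",
     "ParentImage": r"C:\Users\alice\Downloads\invoice.exe"},
    {"EventID": "13", "Image": r"C:\Users\alice\AppData\Local\Temp\svchost.exe",
     "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
                     r"\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\alice\AppData\Local\Temp\svchost.exe"},
    {"EventID": "13", "Image": r"C:\Program Files\Vendor\setup.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorTray",
     "Details": r"C:\Program Files\Vendor\tray.exe"},
    {"EventID": "1", "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    for f in dropped_exe_findings(SAMPLE_EVENTS) + run_key_findings(SAMPLE_EVENTS):
        print(f)
```

The vendor installer writing a Run value under Program Files is deliberately left alone: the point of the path check is to separate ordinary software persistence from a dropped binary registering itself. The drop-then-execute pairing depends on events arriving in order, which holds for a single host's Sysmon log but needs a timestamp sort if you merge sources.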

MITRE ATT&CK Enterprise v15