General

  • Target

    8feb782a3afa23ea9ea09f7fd1beca77c5ed59188095079d0d1e86349e988776

  • Size

    477KB

  • Sample

    241109-xydzpszhkp

  • MD5

    6b7d61175d9b8259f5756bdf6ef71513

  • SHA1

    711fbffda11005ff83406f9089806ac635af0e9c

  • SHA256

    8feb782a3afa23ea9ea09f7fd1beca77c5ed59188095079d0d1e86349e988776

  • SHA512

    04311a973caf5123a5789a8a663d760f7403a9d82adc639e7f5c053bed8175ead9b3f39932dc4215823ecd68ba1f993a06c56b68054a821bff050a3b6c78c919

  • SSDEEP

    12288:MMrWy90l3GeUVUcO8RDKsrdU1SoZIFfW/Bb:CyI2zV9RWN16+

Malware Config

Extracted

Family

redline

Botnet

fusa

C2

193.233.20.12:4132

Attributes
  • auth_value

    a08b2f01bd2af756e38c5dd60e87e697
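The hashes and the C2 endpoint above are the indicators a responder would actually pivot on. The following is an added example (not part of the sandbox report) that turns them into two checks: comparing a file's digests against the report's MD5/SHA1/SHA256, and pulling connections to 193.233.20.12:4132 out of a Zeek conn.log. The conn.log lines are constructed for the demo; the default tab-separated column order of conn.log is assumed.

```python
"""IOC matching for the RedLine sample and C2 documented in this report.

Added example, not part of the sandbox report. Hash and C2 values are copied
from the report; the log lines at the bottom are constructed for the demo.
"""
import hashlib
from typing import Dict, Iterable, List

# Indicators taken from the report above.
IOC_HASHES = {
    "md5": "6b7d61175d9b8259f5756bdf6ef71513",
    "sha1": "711fbffda11005ff83406f9089806ac635af0e9c",
    "sha256": "8feb782a3afa23ea9ea09f7fd1beca77c5ed59188095079d0d1e86349e988776",
}
C2_HOST = "193.233.20.12"
C2_PORT = 4132


def compute_digests(data: bytes) -> Dict[str, str]:
    """Lowercase hex md5/sha1/sha256 of a byte string (e.g. a file's contents)."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matching_hash_iocs(digests: Dict[str, str]) -> List[str]:
    """Algorithms whose digest equals the report's value (case-insensitive compare)."""
    return [algo for algo, value in IOC_HASHES.items()
            if digests.get(algo, "").lower() == value]


# Assumption: a plain tab-separated Zeek conn.log in the default column order.
CONN_FIELDS = ("ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p", "proto")


def find_c2_connections(lines: Iterable[str], host: str = C2_HOST,
                        port: int = C2_PORT) -> List[Dict[str, str]]:
    """Return conn.log records whose responder is the extracted C2 host:port.

    Zeek header lines ('#...') and short or malformed lines are skipped rather
    than raising, so the function can be run over a whole log file.
    """
    hits = []
    for line in lines:
        if not line or line.startswith("#"):
            continue
        cols = line.rstrip("\n").split("\t")
        if len(cols) < len(CONN_FIELDS):
            continue
        rec = dict(zip(CONN_FIELDS, cols))
        if rec["id.resp_h"] == host and rec["id.resp_p"].isdigit() \
                and int(rec["id.resp_p"]) == port:
            hits.append(rec)
    return hits


SAMPLE_CONN_LOG = [  # constructed sample, not from the report
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto",
    "1731150000.1\tCa1\t10.0.0.7\t51234\t193.233.20.12\t4132\ttcp",
    "1731150001.4\tCa2\t10.0.0.7\t51235\t142.250.74.46\t443\ttcp",
    "1731150002.9\tCa3\t10.0.0.9\t51300\t193.233.20.12\t443\ttcp",  # same host, other port
    "1731150003.0\tCa4\t10.0.0.7\t51236\t193.233.20.12\t4132\ttcp",
]

if __name__ == "__main__":
    for rec in find_c2_connections(SAMPLE_CONN_LOG):
        print("C2 contact:", rec["id.orig_h"], "->", rec["id.resp_h"], rec["id.resp_p"])
    print("empty file matches report hashes:", matching_hash_iocs(compute_digests(b"")))
```

Matching on host and port keeps the result tied to the extracted config; the record to 193.233.20.12:443 in the sample is deliberately left out, because a single IP on a hosting provider is a weaker indicator than the specific C2 port, and whether to widen the search to the host alone is a judgement call for the analyst.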

Targets

    • Target

      8feb782a3afa23ea9ea09f7fd1beca77c5ed59188095079d0d1e86349e988776

    • Size

      477KB

    • MD5

      6b7d61175d9b8259f5756bdf6ef71513

    • SHA1

      711fbffda11005ff83406f9089806ac635af0e9c

    • SHA256

      8feb782a3afa23ea9ea09f7fd1beca77c5ed59188095079d0d1e86349e988776

    • SHA512

      04311a973caf5123a5789a8a663d760f7403a9d82adc639e7f5c053bed8175ead9b3f39932dc4215823ecd68ba1f993a06c56b68054a821bff050a3b6c78c919

    • SSDEEP

      12288:MMrWy90l3GeUVUcO8RDKsrdU1SoZIFfW/Bb:CyI2zV9RWN16+

    • RedLine

      RedLine Stealer is a .NET (C#) information stealer first seen in early 2020. It harvests saved browser credentials, cookies and autofill data, cryptocurrency wallets and desktop session tokens and sends them to the operator's panel over the C2 address extracted above; it is sold as a service, which is why each build carries a Botnet name and an auth_value identifying the buyer's panel.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application
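The last two signatures describe the classic stealer persistence pattern: a dropped executable is written somewhere the user can write to and registered under a Run key. The following is an added example (not part of the sandbox report) of a triage check for that pattern: it reads HKCU Run/RunOnce values with the standard-library winreg module on Windows, and flags values that execute from user-writable locations or proxy execution through a LOLBin. The registry values used for the demo are constructed, and the heuristic is a common triage rule, not something the report states.

```python
"""Triage of Run-key autostart entries, the persistence behaviour flagged above.

Added example, not part of the sandbox report. The registry values below are
constructed; the heuristic (executables launched from user-writable locations,
or via a LOLBin) is a general triage rule, not something the report states.
"""
import re
import sys
from typing import Dict, List, Tuple

RUN_KEYS = (
    r"Software\Microsoft\Windows\CurrentVersion\Run",
    r"Software\Microsoft\Windows\CurrentVersion\RunOnce",
)

# Locations a standard user can write to; a dropped EXE persisted via a Run
# key almost always lives in one of these.
USER_WRITABLE = re.compile(
    r"(?i)(\\appdata\\|%appdata%|%localappdata%|\\temp\\|%temp%|%tmp%|"
    r"\\users\\public\\|%public%|\\programdata\\|%programdata%|\\downloads\\)"
)
# Signed system binaries commonly used to proxy-execute a dropped payload.
PROXY_EXEC = re.compile(
    r"(?i)\b(rundll32|regsvr32|mshta|wscript|cscript|powershell|cmd)(\.exe)?\b"
)


def triage_run_entries(entries: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (value_name, reason) for Run entries that deserve a closer look.

    `entries` maps a value name to its command line as read from a Run key.
    Entries that neither run from a user-writable path nor go through a
    proxy-execution binary are not reported.
    """
    findings = []
    for name, command in entries.items():
        reasons = []
        if USER_WRITABLE.search(command):
            reasons.append("executes from user-writable location")
        if PROXY_EXEC.search(command):
            reasons.append("proxy-executes via LOLBin")
        if reasons:
            findings.append((name, "; ".join(reasons)))
    return findings


def collect_run_entries() -> Dict[str, str]:
    """Read HKCU Run/RunOnce values with winreg (Windows only; empty elsewhere)."""
    if sys.platform != "win32":
        return {}
    import winreg  # standard library, importable only on Windows
    entries: Dict[str, str] = {}
    for subkey in RUN_KEYS:
        try:
            key = winreg.OpenKey(winreg.HKEY_CURRENT_USER, subkey)
        except OSError:
            continue
        with key:
            index = 0
            while True:
                try:
                    name, data, _ = winreg.EnumValue(key, index)
                except OSError:  # no more values under this key
                    break
                entries[f"HKCU\\{subkey}\\{name}"] = str(data)
                index += 1
    return entries


SAMPLE_ENTRIES = {  # constructed sample, not from the report
    "SecurityHealth": r"%windir%\system32\SecurityHealthSystray.exe",
    "OneDrive": r'"C:\Users\victim\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    "Updater": r'"C:\Users\victim\AppData\Roaming\svchost\update.exe"',
    "Loader": r"rundll32.exe C:\Users\Public\Libraries\core.dll,Start",
}

if __name__ == "__main__":
    live = collect_run_entries()
    for name, reason in triage_run_entries(live or SAMPLE_ENTRIES):
        print(f"{name}: {reason}")
```

The OneDrive entry in the sample is flagged on purpose: legitimate per-user software also installs under AppData, so the heuristic produces candidates, not verdicts. Confirm a candidate by hashing the referenced file and comparing it with the MD5/SHA256 listed above, or by checking its Authenticode signature, before treating it as the dropped payload.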

MITRE ATT&CK Enterprise v15

  • Persistence

    T1547.001 Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (from the "Adds Run key to start application" signature above)