General

  • Target: bacb9935eb6b6a7f14c59693f65a702ac2f874536498f7e43dd73600bc69df67
  • Size: 493KB
  • Sample: 241109-y3475a1fqj
  • MD5: 662e514d859d22ee5b54213f0f077f08
  • SHA1: aa2f3ca9af1b1488390697936be7adc6730d0ca1
  • SHA256: bacb9935eb6b6a7f14c59693f65a702ac2f874536498f7e43dd73600bc69df67
  • SHA512: 4e9a787c1a32cc275be6bb98434d815f5c98fa9ed3bbe49965fa5a812c227fc9a8fc8a1442e3d1f42a4663a8cad65daec87ea1db6850b3a3c3145b576d879c81
  • SSDEEP: 12288:HMrey90t6wqh4FVP6IQ1/cUwAd3P2lKyXbI7/AM9:FyqLqaVNQ1/u8wSoM9

Malware Config

Extracted

  • Family: redline
  • Botnet: fusa
  • C2: 193.233.20.12:4132
  • Attributes
    • auth_value: a08b2f01bd2af756e38c5dd60e87e697

Targets

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks