General

  • Target

    9bc679332b5f7154b2c91062539a93174b92a6fa13034cb5c92b9756ee3f5536

  • Size

    2.1MB

  • Sample

    241109-y3q1ha1fpj

  • MD5

    a432e7fc12f1fb4a5de5fb5f07e78073

  • SHA1

    264e741374073ec9db179626462c7e4085698716

  • SHA256

    9bc679332b5f7154b2c91062539a93174b92a6fa13034cb5c92b9756ee3f5536

  • SHA512

    e82bf4ed6c4eec953e56d24bfad5bca53dfff6971bb678888c12e108fd533bfc25a78586a12b5a1703eef639a484489f6198569306c33073367a42bb1c5e3fad

  • SSDEEP

    49152:L+LveTikB/KC7SV77IERbEB8lQVaqX5IJBbcl:aL2TiYX7Mxl+ig

Malware Config

Extracted

  • Family

    redline

  • Botnet

    fuka

  • C2

    193.233.20.11:4131

  • Attributes

    auth_value = 90eef520554ef188793d77ecc34217bf

Targets

    • Target

      9bc679332b5f7154b2c91062539a93174b92a6fa13034cb5c92b9756ee3f5536

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks