General

  • Target

    f40f684a76af2e1f3937c022ac36681075d75a4681d1642e7761dd791517e8ea

  • Size

    474KB

  • Sample

    241109-zh861ssbll

  • MD5

    dc5d4112179775b1dd9fb52a674b9f1e

  • SHA1

    f3355166660afc3eae4a46e6f22c3def60b41437

  • SHA256

    f40f684a76af2e1f3937c022ac36681075d75a4681d1642e7761dd791517e8ea

  • SHA512

    9c81613dbce9f8faf672361f8d8df2d7dffb50b0f67fbe6a37a974097edcabc7eb1c5f49bfca031a56413bb4bf20ac2b16554a8e1bb362cb440af6d4275c891f

  • SSDEEP

    6144:Kpy+bnr+ep0yN90QEvD3T0eitgg7pytwhmEq18I6TzqKI7wfYV9kERgrpSIhidA:vMrCy90p3t6ggoeDE8ISqKbKkGopbi+

Malware Config

Extracted

  • Family

    redline

  • Botnet

    fusa

  • C2

    193.233.20.12:4132

  • Attributes

    auth_value: a08b2f01bd2af756e38c5dd60e87e697

Targets

    • Target

      f40f684a76af2e1f3937c022ac36681075d75a4681d1642e7761dd791517e8ea

    • Size

      474KB

    • MD5

      dc5d4112179775b1dd9fb52a674b9f1e

    • SHA1

      f3355166660afc3eae4a46e6f22c3def60b41437

    • SHA256

      f40f684a76af2e1f3937c022ac36681075d75a4681d1642e7761dd791517e8ea

    • SHA512

      9c81613dbce9f8faf672361f8d8df2d7dffb50b0f67fbe6a37a974097edcabc7eb1c5f49bfca031a56413bb4bf20ac2b16554a8e1bb362cb440af6d4275c891f

    • SSDEEP

      6144:Kpy+bnr+ep0yN90QEvD3T0eitgg7pytwhmEq18I6TzqKI7wfYV9kERgrpSIhidA:vMrCy90p3t6ggoeDE8ISqKbKkGopbi+

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks