General

  • Target

    cf3191d7873d1d0d1a518b3e7866d55013dba11e6e38b9a563a370399140871d

  • Size

    728KB

  • Sample

    241109-zm117svlfp

  • MD5

    fc9f5c91984abc9efbf747e829db8a36

  • SHA1

    fede59a7325b806831d46645577ab0b2c7cb7b0c

  • SHA256

    cf3191d7873d1d0d1a518b3e7866d55013dba11e6e38b9a563a370399140871d

  • SHA512

    8b5eacc6fee0605824cda345594fd338c824e6fd24e11aae6c9ae65e477118721ff611e2c1e44a3daec6be41f9807aa0c7dd890b3e7de0769880e99c13a92e87

  • SSDEEP

    12288:FMroy90YXXtT95zZmML4vgJtvY4MO9mbw88yAqIPo2QHJLccKnfS546X9530fWP2:dy/Xtnz4MLpJtvY6Ibw88yAqIpkJLM6k

Malware Config

Extracted

Family

redline

Botnet

fusa

C2

193.233.20.12:4132

Attributes

  • auth_value

    a08b2f01bd2af756e38c5dd60e87e697

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15
