General

  • Target

    49bd49d598a5c592d7f1ba290ea53e35ce9b6e0bf8d4386bfad4de7b22e28eac

  • Size

    478KB

  • Sample

    241109-zsfmfs1nbx

  • MD5

    2d561c8ff41dce0f38fc7022eb0a8383

  • SHA1

    4a7918ed329294ca266b3b4c13b7757cb042c8bd

  • SHA256

    49bd49d598a5c592d7f1ba290ea53e35ce9b6e0bf8d4386bfad4de7b22e28eac

  • SHA512

    0621ed049c8bc3e3f1215414ea05bb74e6f3ef9c04c58fa0bf281e4b4c037343fa5d2e8969168306b72cb0ee7678752f86c86d5e3b61aaef3bec6c4ff6f43b62

  • SSDEEP

    6144:Kuy+bnr+Op0yN90QE+z/VPI0mfgzExAodzATxrgo1RUA3kwdg2agoxUZxCeCAejJ:CMr+y90Ez/VCIaAazzi2A3kw2wOCQ

Malware Config

Extracted

Family

redline

Botnet

fusa

C2

193.233.20.12:4132

Attributes
  • auth_value

    a08b2f01bd2af756e38c5dd60e87e697

Targets

    • Target

      49bd49d598a5c592d7f1ba290ea53e35ce9b6e0bf8d4386bfad4de7b22e28eac

    • Size

      478KB

    • MD5

      2d561c8ff41dce0f38fc7022eb0a8383

    • SHA1

      4a7918ed329294ca266b3b4c13b7757cb042c8bd

    • SHA256

      49bd49d598a5c592d7f1ba290ea53e35ce9b6e0bf8d4386bfad4de7b22e28eac

    • SHA512

      0621ed049c8bc3e3f1215414ea05bb74e6f3ef9c04c58fa0bf281e4b4c037343fa5d2e8969168306b72cb0ee7678752f86c86d5e3b61aaef3bec6c4ff6f43b62

    • SSDEEP

      6144:Kuy+bnr+Op0yN90QE+z/VPI0mfgzExAodzATxrgo1RUA3kwdg2agoxUZxCeCAejJ:CMr+y90Ez/VCIaAazzi2A3kw2wOCQ

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks