General

  • Target

    bfee75d6cfc4d9e392ae1b3ea219b11c9c6e15f544fb3e3c004b5fd9fa01ec21

  • Size

    478KB

  • Sample

    241110-a19stswbqa

  • MD5

    7aa8445b749acbfc40624378f1b9ee24

  • SHA1

    b0fb61a38717c4b5fb085fa85dc6c86f03d29c64

  • SHA256

    bfee75d6cfc4d9e392ae1b3ea219b11c9c6e15f544fb3e3c004b5fd9fa01ec21

  • SHA512

    8cb230a8b7a8ddcc669dfbd5675d15c6359da9c6887afaf71002ba26acd3c7fe63ee7c59a39f02a796387518a3e6d8655519ff801e262368f2969ef9d03d38c3

  • SSDEEP

    12288:vMrZy901gRUmysPR8W320YZi5lKdf9sdCHhF6:+yQ7IJrIiDKdnhF6

Malware Config

Extracted

  • Family

    redline

  • Botnet

    fusa

  • C2

    193.233.20.12:4132

  • Attributes

    auth_value: a08b2f01bd2af756e38c5dd60e87e697

Targets

    • Target

      bfee75d6cfc4d9e392ae1b3ea219b11c9c6e15f544fb3e3c004b5fd9fa01ec21

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15
