General

  • Target

    ad6a388c7e90bdb9dd450b52a4167678e6e8c3f218a77dc8ce6bdbad005ec526

  • Size

    724KB

  • Sample

    241110-b2374swkgz

  • MD5

    2684122e2b240716e21c1938f3186043

  • SHA1

    1536052d4d223fb029506dca658d47d59aaa71c6

  • SHA256

    ad6a388c7e90bdb9dd450b52a4167678e6e8c3f218a77dc8ce6bdbad005ec526

  • SHA512

    589197ef8156000a61ecc4fef49e30c4a5c339d25ad00cc045ad3319209bf72b6c99fa238267510cb959ed3404d50e66c208dc74a772b76c06ca8c3471b716d8

  • SSDEEP

    12288:xMrby90qC6ulDf03yF+fdZlUmmlh+LEcx27mPkLC0dYTN2mywr:ayo6ulDgFZlmlhiECRkLlC2k

Malware Config

Extracted

Family

redline

Botnet

fuka

C2

193.233.20.11:4131

Attributes
  • auth_value

    90eef520554ef188793d77ecc34217bf
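The hashes in the General section and the C2 endpoint in the extracted config above are the indicators a responder would actually pivot on. The script below is an added example, not part of this report or of any RedLine tooling: it hashes a candidate file with the same four algorithms the report lists and compares against the report's values, and it scans flow records for the extracted C2. The log format ("timestamp src -> dst:port proto") and the log lines themselves are constructed for the example; 203.0.113.10 is a documentation address standing in for benign traffic.

```python
"""Match a file and network flow records against the IoCs in this report."""
import hashlib
import re
import sys

# Indicators copied from the report above.
IOC_HASHES = {
    "md5": "2684122e2b240716e21c1938f3186043",
    "sha1": "1536052d4d223fb029506dca658d47d59aaa71c6",
    "sha256": "ad6a388c7e90bdb9dd450b52a4167678e6e8c3f218a77dc8ce6bdbad005ec526",
    "sha512": "589197ef8156000a61ecc4fef49e30c4a5c339d25ad00cc045ad3319209bf72b6c99fa238267510cb959ed3404d50e66c208dc74a772b76c06ca8c3471b716d8",
}
C2_HOST = "193.233.20.11"
C2_PORT = 4131


def hash_bytes(data: bytes) -> dict:
    """Digest an in-memory blob with every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in IOC_HASHES}


def hash_file(path: str) -> dict:
    """Stream a file once, feeding all four digests, so large samples stay cheap."""
    digests = {name: hashlib.new(name) for name in IOC_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def match_hashes(computed: dict) -> list:
    """Return the names of the algorithms whose digest equals the report's sample."""
    return sorted(name for name, value in computed.items()
                  if value.lower() == IOC_HASHES[name])


# Constructed flow records (not from the report). Format assumed for the example:
#   <timestamp> <src_ip:port> -> <dst_ip:port> <proto>
SAMPLE_FLOWS = """\
2024-11-10T12:01:03Z 10.0.0.5:49812 -> 203.0.113.10:443 TCP
2024-11-10T12:01:07Z 10.0.0.5:49815 -> 193.233.20.11:4131 TCP
2024-11-10T12:01:09Z 10.0.0.5:49816 -> 193.233.20.11:443 TCP
2024-11-10T12:02:11Z 10.0.0.7:51001 -> 193.233.20.110:4131 TCP
"""

FLOW_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) -> (?P<dst_ip>[\d.]+):(?P<dst_port>\d+) "
)


def find_c2_flows(log_text: str, host: str = C2_HOST, port: int = C2_PORT) -> list:
    """Return every flow to the C2 host.

    The destination IP is compared as a whole string, so 193.233.20.110 is not
    a hit for 193.233.20.11. Flows to the host on a different port are still
    reported (exact=False): operators move ports, and the host is the stronger
    indicator.
    """
    hits = []
    for line in log_text.splitlines():
        m = FLOW_RE.match(line)
        if not m or m["dst_ip"] != host:
            continue
        dst_port = int(m["dst_port"])
        hits.append({"ts": m["ts"], "src": m["src"],
                     "dst_port": dst_port, "exact": dst_port == port})
    return hits


if __name__ == "__main__":
    if len(sys.argv) > 1:
        matched = match_hashes(hash_file(sys.argv[1]))
        print("hash match:", matched or "none")
    for hit in find_c2_flows(SAMPLE_FLOWS):
        print("C2 flow", hit)
```

Run it with a file path to check that file against the report's hashes; with no argument it only scans the embedded flow records. A file that differs in a single byte matches none of the digests, which is why the SSDEEP value in the report is the indicator to use when hunting for repacked variants; that needs the ssdeep library and is left out here.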

Targets

    • Target

      ad6a388c7e90bdb9dd450b52a4167678e6e8c3f218a77dc8ce6bdbad005ec526

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks