General

  • Target

    741a016fce3f3fdc2b294a7a73d514c7cc176715044e60c48caf71741459b629

  • Size

    476KB

  • Sample

    241110-bf3pfsvphz

  • MD5

    dbbdf680b50308100eee8907ba0fdb7d

  • SHA1

    91af344a804589a2ab9d914f32db74288b35c528

  • SHA256

    741a016fce3f3fdc2b294a7a73d514c7cc176715044e60c48caf71741459b629

  • SHA512

    1449aa58a9118c2e0b9687379c7992a2c02a21aa7601a363ee53ac08bf26e299bea36818c512b0468b4299c289e79506f25cf7da499209a72efc74e4e5a68a34

  • SSDEEP

    12288:gMrOy90/DV0gGYVLlsDHoYJs92Jm1YW4ayau5D9EwwW:+ywlvVEIk5JirByaA

Malware Config

Extracted

Family

redline

Botnet

fuka

C2

193.233.20.11:4131

Attributes
  • auth_value

    90eef520554ef188793d77ecc34217bf

Targets

    • Target

      741a016fce3f3fdc2b294a7a73d514c7cc176715044e60c48caf71741459b629

    • Size

      476KB

    • MD5

      dbbdf680b50308100eee8907ba0fdb7d

    • SHA1

      91af344a804589a2ab9d914f32db74288b35c528

    • SHA256

      741a016fce3f3fdc2b294a7a73d514c7cc176715044e60c48caf71741459b629

    • SHA512

      1449aa58a9118c2e0b9687379c7992a2c02a21aa7601a363ee53ac08bf26e299bea36818c512b0468b4299c289e79506f25cf7da499209a72efc74e4e5a68a34

    • SSDEEP

      12288:gMrOy90/DV0gGYVLlsDHoYJs92Jm1YW4ayau5D9EwwW:+ywlvVEIk5JirByaA

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks