General

  • Target

    932335850918afd8b15009ae0b6ba046d89796e73c0902d88344c2846268a8a0

  • Size

    478KB

  • Sample

    241110-cfrgvsxcnf

  • MD5

    e1a9bc199cee73e7893ed25221fb8f10

  • SHA1

    b8029b20dde0aaf680dd550478a55e66dbcd4faa

  • SHA256

    932335850918afd8b15009ae0b6ba046d89796e73c0902d88344c2846268a8a0

  • SHA512

    82140e3c3a539e704c74bb910a5d63b9bff2b3cb896c514e46f1761ae47ac61dc6552ba4d7e807476428828dafc771eb6e32be75a01e7fd5ea6d5feeacfeffee

  • SSDEEP

    12288:SMr8y90aNBwDJ1WeVP6lV4iW43VokGdnyNHespQ3:uydNmnAPVRGdyN+Ca

Malware Config

Extracted

Family

redline

Botnet

fusa

C2

193.233.20.12:4132

Attributes

  • auth_value

    a08b2f01bd2af756e38c5dd60e87e697

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks