General

  • Target: ab806a9ff3ee43e1344158fe168d95320f8346c05601ee699f9010395c4d0689
  • Size: 427KB
  • Sample: 241110-cwmtlszqfj
  • MD5: 3c5b856c81e3536255c4833d89e23847
  • SHA1: 2aec050547b7fb01eee6fc59a4652f4379c804bd
  • SHA256: ab806a9ff3ee43e1344158fe168d95320f8346c05601ee699f9010395c4d0689
  • SHA512: 39f9e3a193679d68015c8c15b37ff02e860b8097e2f834eb94191d1d731041036f6ea4cb97f12d3f459ddedf93998d0e3960657c3be06fed5bbc529c3404e0a1
  • SSDEEP: 6144:Y94UCpa0KyyFaUiG4L1j+KVOY77nYUmKFLBwYWGBaoHrYnxv7jilVYpzpA:g5NydG4LYkxvaK7BakYxvHilVYzpA

Malware Config

Extracted

  • Family: redline
  • Botnet: fusa
  • C2: 193.233.20.12:4132
  • Attributes
    • auth_value: a08b2f01bd2af756e38c5dd60e87e697

Targets

    • Target: f2f1b99fb9aaf113970283eedd3706f617216812b6dfa957af1f6f45a6c4f951.exe
    • Size: 478KB
    • MD5: 4de16ba68c446ed764830e2863b76325
    • SHA1: 74a148dd1316bacafdf469c72104f1d327e33db9
    • SHA256: f2f1b99fb9aaf113970283eedd3706f617216812b6dfa957af1f6f45a6c4f951
    • SHA512: 87dde08d6058046ef554197731065da6ceebf352ccf37845647aaf6b3993b0684a7ff3a77d34c385fd26e67215909b4cd6d0ee05d203f5a236a54e4b64ceefa0
    • SSDEEP: 6144:Kwy+bnr+Dp0yN90QEuesGoADrVNIr2/iR2YsEFxhu+IY1pv/olmQ83/C559QfBz/:cMrPy90hrVjaR2ENuYfolro/E9uQS

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15