General

  • Target

    486759f3debb7db4720a57355e2a2071bf2e179426b22536a65145baa0b6bcf0

  • Size

    478KB

  • Sample

    241110-d9d93ayfkn

  • MD5

    c6b94d649179723e64032b2ecb2fc630

  • SHA1

    822d40df6c50d77e20f67fe49f89762541f96f09

  • SHA256

    486759f3debb7db4720a57355e2a2071bf2e179426b22536a65145baa0b6bcf0

  • SHA512

    27a6e857b9e9f1e388ea818d9fd385c4194925be6eb42081a517f56e74fd0982394b03757b21b797ea8be5f35caeda34db85ed9cabd98b74928d7d5f0631d933

  • SSDEEP

    12288:JMr6y90LaWn6QzjVMuy4pyjOmUNHesp/H:HyzsnVvy0yQN+Cv

Malware Config

Extracted

Family

redline

Botnet

fusa

C2

193.233.20.12:4132

Attributes

  • auth_value

    a08b2f01bd2af756e38c5dd60e87e697

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks