General

  • Target

    9c299c7b9f5c81345d447e6e41fa7b1c81e98f6d32bcced204746687f4d91250

  • Size

    549KB

  • Sample

    241110-dbz4wa1lak

  • MD5

    42593925233253e63e9d6ce90dc903f3

  • SHA1

    1b8a8c46b0393642999cc7211722bed46674680c

  • SHA256

    9c299c7b9f5c81345d447e6e41fa7b1c81e98f6d32bcced204746687f4d91250

  • SHA512

    559bfa2e750bf7b8197b1f437de663776cdbc7e46a8e4ef2726576d4a34c0c08dd692c426f39b85d8c67414aa4a900b5f2098d9ddf5fd377971c194addfa9e3d

  • SSDEEP

    12288:rMrPy90PwK7cVQdLuHeu+KZl/A0X0LLnA34Lpc6w:ky+wKAVOuHe0T40Eg34L66w

Malware Config

Extracted

Family

redline

Botnet

fusa

C2

193.233.20.12:4132

Attributes
  • auth_value

    a08b2f01bd2af756e38c5dd60e87e697
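The extracted configuration and the file hashes above are only useful once they become something you can search for. The following Python script is an added example and is not part of the sandbox report or of any Triage tooling: it copies the hashes and the C2 host:port from this page into IOC constants, checks an arbitrary file's digests against the report, and scans a few constructed Zeek-style conn.log lines (the lines and the column order are assumptions made for the example, not real traffic) for connections to the C2.

```python
"""IOC matching for the RedLine sample described in this Triage report.

Added example, not part of the sandbox report. The indicators are copied
from the page; the log lines below are constructed, and the Zeek conn.log
column layout is an assumption made for the example.
"""
import hashlib

# File hashes copied from the report.
SAMPLE_HASHES = {
    "md5": "42593925233253e63e9d6ce90dc903f3",
    "sha1": "1b8a8c46b0393642999cc7211722bed46674680c",
    "sha256": "9c299c7b9f5c81345d447e6e41fa7b1c81e98f6d32bcced204746687f4d91250",
    "sha512": (
        "559bfa2e750bf7b8197b1f437de663776cdbc7e46a8e4ef2726576d4a34c0c08"
        "dd692c426f39b85d8c67414aa4a900b5f2098d9ddf5fd377971c194addfa9e3d"
    ),
}

# Extracted RedLine config copied from the report. botnet and auth_value are
# kept for pivoting across samples, not for log scanning.
REDLINE_CONFIG = {
    "family": "redline",
    "botnet": "fusa",
    "c2_host": "193.233.20.12",
    "c2_port": 4132,
    "auth_value": "a08b2f01bd2af756e38c5dd60e87e697",
}


def digest_file_bytes(data: bytes) -> dict:
    """Compute the same four digests the report lists, as lower-case hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def matches_report(data: bytes) -> list:
    """Return the names of every digest of `data` that equals the report's value.

    Any single match identifies the sample; all four should agree, so a
    partial match means the report or the local copy has been mangled.
    """
    local = digest_file_bytes(data)
    return [name for name, value in SAMPLE_HASHES.items() if local[name] == value]


# Constructed Zeek-style conn.log lines (assumed column order:
# ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto). Not real traffic.
CONN_LOG = """\
1731240000.10\tCabc1\t10.0.0.5\t51514\t193.233.20.12\t4132\ttcp
1731240001.20\tCabc2\t10.0.0.5\t51515\t203.0.113.9\t443\ttcp
1731240002.30\tCabc3\t10.0.0.7\t51516\t193.233.20.12\t80\ttcp
"""


def scan_conn_log(lines) -> list:
    """Flag connections to the extracted C2.

    An exact host:port match is the strong indicator. The host alone on a
    different port is still reported but tagged as weaker: the port is part
    of the extracted IOC, and a shared host may serve unrelated traffic.
    """
    hits = []
    for line in lines:
        if not line or line.startswith("#"):
            continue
        fields = line.rstrip("\n").split("\t")
        if len(fields) < 7:
            continue
        _, uid, orig_h, _, resp_h, resp_p, _ = fields[:7]
        if resp_h != REDLINE_CONFIG["c2_host"]:
            continue
        match = "c2_ip_port" if int(resp_p) == REDLINE_CONFIG["c2_port"] else "c2_ip_only"
        hits.append({"uid": uid, "src": orig_h, "dst": f"{resp_h}:{resp_p}", "match": match})
    return hits


if __name__ == "__main__":
    for hit in scan_conn_log(CONN_LOG.splitlines()):
        print(hit)
```

Run it against a real conn.log by feeding the file's lines to `scan_conn_log`; the `c2_ip_only` hits are worth a second look but should not be treated as confirmed infections on their own.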

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks