General

  • Target

    319935c0c3f5fa45385b926e5cb6b17a227857d080c51b043281bebad8568a1b

  • Size

    550KB

  • Sample

    241110-ek9v4syhlp

  • MD5

    b0bb782e344674e5228bea585d8be28b

  • SHA1

    535c8281f7f98b5d251753e9d4b7f22ffaa0a642

  • SHA256

    319935c0c3f5fa45385b926e5cb6b17a227857d080c51b043281bebad8568a1b

  • SHA512

    110bec4fa8c64947c6755ae3d17df3707f3be1651cdc17300677c069d8b9279f68bc984f699d9470cdb68c764b7436f4601f9046cbe5fb8c4bf2a474fe14f6ff

  • SSDEEP

    12288:cMr4y90pYKVRkVYLKRtDB5Uih0euEGPLAuoZ3jea5ibIvmV+E4r:EyYBiVft15RhnuEm1sjeme+E2

Malware Config

Extracted

  • Family

    redline

  • Botnet

    fusa

  • C2

    193.233.20.12:4132

  • Attributes

    • auth_value

      a08b2f01bd2af756e38c5dd60e87e697

Targets

    • Target

      319935c0c3f5fa45385b926e5cb6b17a227857d080c51b043281bebad8568a1b

    • Size

      550KB

    • MD5

      b0bb782e344674e5228bea585d8be28b

    • SHA1

      535c8281f7f98b5d251753e9d4b7f22ffaa0a642

    • SHA256

      319935c0c3f5fa45385b926e5cb6b17a227857d080c51b043281bebad8568a1b

    • SHA512

      110bec4fa8c64947c6755ae3d17df3707f3be1651cdc17300677c069d8b9279f68bc984f699d9470cdb68c764b7436f4601f9046cbe5fb8c4bf2a474fe14f6ff

    • SSDEEP

      12288:cMr4y90pYKVRkVYLKRtDB5Uih0euEGPLAuoZ3jea5ibIvmV+E4r:EyYBiVft15RhnuEm1sjeme+E2

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application
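The extracted config above gives one hard network indicator (the C2 endpoint 193.233.20.12:4132) and the signature list gives two host behaviours (a dropped executable being run, and a Run key written for persistence). The script below is an added example, not part of the sandbox report, that hunts for all three across Sysmon-style events: it checks process-create hashes against the report's file hashes, flags connections to the C2 host (distinguishing the exact port from other ports on the same host), flags writes under any hive's Run/RunOnce key, and then correlates which image triggered more than one indicator kind. The event records, the dropped-file path and the SIDs are constructed for illustration and do not come from the sandbox run.

```python
"""Hunt for this report's indicators in Sysmon-style telemetry.

Added example, not part of the sandbox report. Indicators are copied from the
report; the event records, paths and SIDs below are constructed.
"""
import hashlib
import re

# Indicators copied from the report's Malware Config and General sections.
C2_IP, C2_PORT = "193.233.20.12", 4132
REPORT_HASHES = {
    "MD5": "b0bb782e344674e5228bea585d8be28b",
    "SHA1": "535c8281f7f98b5d251753e9d4b7f22ffaa0a642",
    "SHA256": "319935c0c3f5fa45385b926e5cb6b17a227857d080c51b043281bebad8568a1b",
}

# Run / RunOnce under any hive (HKLM, HKCU, HKU\<SID>) is the persistence
# the "Adds Run key to start application" signature describes.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE
)

# Hypothetical dropped-file path, used only in the constructed events.
DROPPED_EXE = r"C:\Users\user\AppData\Local\Temp\dropped_payload.exe"

# Constructed Sysmon events: 1 = process create, 3 = network connect,
# 13 = registry value set. Not taken from the sandbox run.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": DROPPED_EXE,
     "Hashes": "MD5=b0bb782e344674e5228bea585d8be28b,"
               "SHA256=319935c0c3f5fa45385b926e5cb6b17a227857d080c51b043281bebad8568a1b"},
    {"EventID": 3, "Image": DROPPED_EXE,
     "DestinationIp": "193.233.20.12", "DestinationPort": 4132},
    {"EventID": 13, "Image": DROPPED_EXE,
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft"
                     r"\Windows\CurrentVersion\Run\dropped_payload",
     "Details": DROPPED_EXE},
    # Same host, different port: weaker evidence, reported separately.
    {"EventID": 3, "Image": r"C:\Windows\System32\svchost.exe",
     "DestinationIp": "193.233.20.12", "DestinationPort": 443},
    # Benign registry write outside the Run keys: must not match.
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion"
                     r"\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]


def parse_sysmon_hashes(field):
    """Turn Sysmon's 'MD5=..,SHA256=..' Hashes field into {ALG: hex}."""
    out = {}
    for part in field.split(","):
        alg, sep, val = part.partition("=")
        if sep:
            out[alg.strip().upper()] = val.strip().lower()
    return out


def match_event(ev):
    """Return the indicator kinds a single event matches (empty if none)."""
    hits = []
    eid = ev.get("EventID")
    if eid == 1:
        seen = parse_sysmon_hashes(ev.get("Hashes", ""))
        hits += [f"sample_hash:{alg}" for alg, val in REPORT_HASHES.items()
                 if seen.get(alg) == val]
    elif eid == 3 and ev.get("DestinationIp") == C2_IP:
        exact = int(ev.get("DestinationPort", 0)) == C2_PORT
        hits.append("c2_connection" if exact else "c2_host_other_port")
    elif eid == 13 and RUN_KEY_RE.search(ev.get("TargetObject", "")):
        hits.append("run_key_persistence")
    return hits


def hunt(events):
    """(index, hits) for every event that matched at least one indicator."""
    results = []
    for i, ev in enumerate(events):
        hits = match_event(ev)
        if hits:
            results.append((i, hits))
    return results


def correlated_images(events):
    """Images that triggered two or more distinct indicator kinds."""
    kinds_by_image = {}
    for ev in events:
        for hit in match_event(ev):
            kinds_by_image.setdefault(ev.get("Image", "?"), set()).add(hit.split(":")[0])
    return sorted(img for img, kinds in kinds_by_image.items() if len(kinds) >= 2)


def hashes_of(data):
    """MD5/SHA1/SHA256 of file bytes, in the same form as REPORT_HASHES."""
    return {"MD5": hashlib.md5(data).hexdigest(),
            "SHA1": hashlib.sha1(data).hexdigest(),
            "SHA256": hashlib.sha256(data).hexdigest()}


def is_report_sample(data):
    """True only if the bytes are exactly the sample this report describes."""
    return hashes_of(data)["SHA256"] == REPORT_HASHES["SHA256"]
```

On the constructed events, the dropped executable is the only image that hits more than one indicator kind, while the svchost connection to the C2 host on port 443 surfaces only as the weaker `c2_host_other_port` hit; that split is deliberate, since a shared hosting IP can carry unrelated traffic and an exact ip:port match is the indicator the config actually supports. The hash check compares SHA256 only; MD5 and SHA1 are kept for matching against telemetry that records nothing stronger.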

MITRE ATT&CK Enterprise v15
