General

  • Target

    d35c17e781d839b034a6e2bdfe99897aa5896747e5f1d1a2bffda1c37524b4d2

  • Size

    477KB

  • Sample

    241110-wadtcsvlfq

  • MD5

    a9941be7f18e0ef768d334cca8d3ddda

  • SHA1

    bdad872aa95ca4b92d0a3adead1501228d3c4eaf

  • SHA256

    d35c17e781d839b034a6e2bdfe99897aa5896747e5f1d1a2bffda1c37524b4d2

  • SHA512

    36b8be41b2a6367d90b8ed8e11a2f40537bc4f78ad7edb9f4b07d1d1767cee479544bff7aa3032d07c550adada4f4b5f0c2fabc70d654866eb5479a35b9e69b1

  • SSDEEP

    6144:KUy+bnr+2p0yN90QEz5b5zNLMSUme6YvLLOwLI3YrG5dN7kCUIZNsL8CdT5kxyPy:MMr6y90JrzCN6iOF3YrcdC+sLJ5kfvR

Malware Config

Extracted

  • Family

    redline

  • Botnet

    fusa

  • C2

    193.233.20.12:4132

  • Attributes

      • auth_value

        a08b2f01bd2af756e38c5dd60e87e697

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks