General

  • Target: 728a931f647782bd62d8be58077b0a446db865bac40edc92a9848c60351d64d8
  • Size: 478KB
  • Sample: 241110-x35m8atbjn
  • MD5: 8c6e0fb39642cd27917012c997d5eddb
  • SHA1: ffabd7f34a5b56f3a48a1a8b0e2f610c19bd7a14
  • SHA256: 728a931f647782bd62d8be58077b0a446db865bac40edc92a9848c60351d64d8
  • SHA512: 434fa8681727112caaedad3fbaec4f350c978b5badbe4196be5c8b2b57bec4b02ef7c4b8109f2d32f0be36275690a97316f154e3b723ef55ee7b41726f9f3903
  • SSDEEP: 6144:KPy+bnr+Tp0yN90QE24bXkVIodVRvUBvVJujnPKc/5v8z8y3UUmO9VZ2fBj7fCCG:hMr7y90NXkVBvQVJujPKs50Dox7fFwt

Malware Config

Extracted

  • Family: redline
  • Botnet: fusa
  • C2: 193.233.20.12:4132
  • Attributes
    • auth_value: a08b2f01bd2af756e38c5dd60e87e697

Targets

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Redline family
    • Executes dropped EXE
    • Adds Run key to start application

MITRE ATT&CK Enterprise v15