General

  • Target

    20dc795fb32e67157888b5824d1291c0a97143b55ccf4dc370e6b6b4169b59da

  • Size

    493KB

  • Sample

    241110-xhb56swlak

  • MD5

    cd0b04fe305430c9488b295d66e32ac2

  • SHA1

    c1ceed2efc8b674b3b7dd5ec8af254d20a2c6bdc

  • SHA256

    20dc795fb32e67157888b5824d1291c0a97143b55ccf4dc370e6b6b4169b59da

  • SHA512

    979315e8fae16c8988d5197699be1a3f4cf70f29381b0fd5974d81a023cab85e348ab123199506748a4cbde992e23bdbcca61e1fae5c61a5146dc5f493f0c19e

  • SSDEEP

    12288:zMroy90BeV/O9BgHyBvxEsvkkcVYSnAat:vyJVSPbcDuSnL

Malware Config

Extracted

Family

redline

Botnet

fusa

C2

193.233.20.12:4132

Attributes
  • auth_value

    a08b2f01bd2af756e38c5dd60e87e697

Targets

    • Target

      20dc795fb32e67157888b5824d1291c0a97143b55ccf4dc370e6b6b4169b59da


    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application
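The following is an added example, not code from the sandbox report or from the RedLine family itself. It turns the indicators in the "Malware Config" section (the C2 host:port) and the "General" section (the SHA256) into matching logic, and turns the listed behaviour "Adds Run key to start application" into a Run-key review. The firewall-style log lines, the .reg export and the file bytes are constructed here for illustration; only the C2 string and the SHA256 come from the report.

```python
"""Added example (not from the sandbox report): turn the extracted RedLine
config and the listed behaviours into checks an analyst can run.

IOC values are copied from the report; every log line, registry export and
file payload below is constructed for illustration.
"""
import hashlib
import re
from dataclasses import dataclass

# Indicators copied from the report ("General" and "Malware Config").
C2 = "193.233.20.12:4132"
SAMPLE_SHA256 = "20dc795fb32e67157888b5824d1291c0a97143b55ccf4dc370e6b6b4169b59da"


@dataclass(frozen=True)
class C2Endpoint:
    host: str
    port: int


def parse_c2(value: str) -> C2Endpoint:
    """Split the extracted 'host:port' string; reject anything malformed."""
    host, sep, port = value.rpartition(":")
    if not sep or not host or not port.isdigit():
        raise ValueError(f"unexpected C2 format: {value!r}")
    return C2Endpoint(host, int(port))


# Constructed firewall-style log lines (not taken from the report).
CONSTRUCTED_LOGS = [
    "2024-11-10T18:01:02Z src=10.0.0.15 dst=142.250.74.206 dport=443 action=allow",
    "2024-11-10T18:01:09Z src=10.0.0.15 dst=193.233.20.12 dport=4132 action=allow",
    "2024-11-10T18:02:41Z src=10.0.0.22 dst=193.233.20.12 dport=443 action=allow",
]
LOG_RE = re.compile(r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")


def find_c2_connections(lines, c2: C2Endpoint):
    """Return the source hosts that talked to the exact C2 host:port pair."""
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if m and m["dst"] == c2.host and int(m["dport"]) == c2.port:
            hits.append(m["src"])
    return hits


def is_reported_sample(data: bytes) -> bool:
    """Hash-match a file against the report's SHA256 (exact-sample check only;
    a repacked build will not match)."""
    return hashlib.sha256(data).hexdigest() == SAMPLE_SHA256


# Constructed .reg export of a user's Run key (not taken from the report).
CONSTRUCTED_REG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe /background"
"svchost"="C:\\Users\\user\\AppData\\Roaming\\svchost.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ShellState"=hex:24,00
"""
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')


def find_run_key_entries(reg_text: str):
    """List (name, command) pairs under any Run/RunOnce key in a .reg export."""
    entries = []
    in_run_key = False
    for raw in reg_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            in_run_key = key.group(1).lower().rsplit("\\", 1)[-1] in ("run", "runonce")
            continue
        value = VALUE_RE.match(line)
        if in_run_key and value:
            # .reg files escape backslashes; undo that to get the real path.
            entries.append((value.group(1), value.group(2).replace("\\\\", "\\")))
    return entries


def suspicious_run_entries(entries):
    """Flag autostart commands that run from user-writable drop locations."""
    markers = ("\\appdata\\roaming\\", "\\temp\\", "\\appdata\\local\\temp\\")
    return [e for e in entries if any(m in e[1].lower() for m in markers)]


if __name__ == "__main__":
    c2 = parse_c2(C2)
    print("C2 contacts:", find_c2_connections(CONSTRUCTED_LOGS, c2))
    print("Run entries:", suspicious_run_entries(find_run_key_entries(CONSTRUCTED_REG)))
```

`find_c2_connections` matches the exact host and port pair; the third constructed log line hits the same address on 443 and is deliberately not returned, so widen the check to host-only if the infrastructure is known to serve more than one port. The Run-key filter keys on user-writable paths because a dropped executable needs somewhere the user can write; it is a triage heuristic, not proof, and legitimate per-user installers also live under AppData.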
