General

  • Target

    4f5563c4318fe7d1beeebbe9a6b2258c3afe1ec5ee8f2a2c27d3280e5e5e3042

  • Size

    478KB

  • Sample

    241110-xlck4swlfk

  • MD5

    501a4db886c5cc6b3017f4c8e4aa6e1e

  • SHA1

    75bfbccca38027ac19e1ea3d78d0925f8bc0cca0

  • SHA256

    4f5563c4318fe7d1beeebbe9a6b2258c3afe1ec5ee8f2a2c27d3280e5e5e3042

  • SHA512

    8c3d9617240f896d9c47ac5f621542eaddfa7ab97a8793056ad8f6557f1b7ed24941511b7d3131ec6c2eae7819de4d36db0f8f79e3a801259660cc2884177137

  • SSDEEP

    12288:GMrHy90iRh7pVMHO09SxXOvtOJjkTTjMhzT5nHg:pynpOHzYdOvt7TjMzHg

Malware Config

Extracted

  • Family

    redline

  • Botnet

    fusa

  • C2

    193.233.20.12:4132

  • Attributes

      • auth_value

        a08b2f01bd2af756e38c5dd60e87e697

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks