General

  • Target

    73f183fd197df02048750abecb35b35f07321692eeb04fa88ae306a529430de5

  • Size

    550KB

  • Sample

    241110-xwr4jsshqr

  • MD5

    2301a0996c80e67a436af187fce435ed

  • SHA1

    421739d6de1f462f0d86a26d809b887376d2c01c

  • SHA256

    73f183fd197df02048750abecb35b35f07321692eeb04fa88ae306a529430de5

  • SHA512

    524091e80a55f91842ac6a9c9af5e1e8ee28b6fb7377b92aea69b633fe5e7a08c7dda8e36f3d90180f42e31ddf83dc6b9f4b1dc57b23851c20f37dda54bad944

  • SSDEEP

    6144:K5y+bnr+Sp0yN90QEH0zjV8IrIVEpiF0P9itXmuKhblDoOOUKmQvR0d18yKBH5Dh:rMray90EjVMYj8tX+hhErJ0dJWBr/SY

Malware Config

Extracted

Family

redline

Botnet

fusa

C2

193.233.20.12:4132

Attributes

  • auth_value

    a08b2f01bd2af756e38c5dd60e87e697

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15