General

  • Target: 273659767d5c597a4e9868fc9c41488da23322c8ab5200d2efa0a2d7646c483f
  • Size: 478KB
  • Sample: 241110-zky4tsxrap
  • MD5: 9f26cd137380a16a461712d26ba19019
  • SHA1: aaf91a43cbfd7599538ea1292b351dd91ccb0cfb
  • SHA256: 273659767d5c597a4e9868fc9c41488da23322c8ab5200d2efa0a2d7646c483f
  • SHA512: 08c38f5753ae0a903bdabd4c3fed1f0df044833110337c549ccda7ea0201065cc5d6cac75bb9c42e01fb2c7e1457bb6c5486475b2c79db87c7c1f508b806e5bc
  • SSDEEP: 12288:XMrZy90EJ7vHPBz8N6oc4fOAOFrMhzT5nR6G:2ylrvBOc4GAOpMzR6G

Malware Config

Extracted

  • Family: redline
  • Botnet: fusa
  • C2: 193.233.20.12:4132
  • Attributes
    • auth_value: a08b2f01bd2af756e38c5dd60e87e697

Targets

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Redline family
    • Executes dropped EXE
    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks