General

  • Target

    4919f49114bae68b3df35274d93a36330212fd606279a1fb9ac3f2c99f0a3731

  • Size

    550KB

  • Sample

    241110-zmeszaxrdn

  • MD5

    4bb0826dcfaaa010da2f0557699b8099

  • SHA1

    b6909748f3151863b1b9dbf0e327753d913ca567

  • SHA256

    4919f49114bae68b3df35274d93a36330212fd606279a1fb9ac3f2c99f0a3731

  • SHA512

    3ca87304a1249678805725e25c612449116335376c568d27e210e41925fb8d956d3f6ce0aecd3d49e124e478e1d9d692ccf332a07f1d085f3d6324127adc8154

  • SSDEEP

    12288:NMrey90dn19iSvnYlSkZso6i8k71M0WGHBhxFpid4n09:/y0aSySE6i8aM0WGH3Zi+nu

Malware Config

Extracted

Family

redline

Botnet

fusa

C2

193.233.20.12:4132

Attributes
  • auth_value

    a08b2f01bd2af756e38c5dd60e87e697

Targets

    • RedLine

      RedLine Stealer is an information-stealing malware family written in C# (.NET), first seen in early 2020. It harvests saved browser credentials, cookies, autofill data and cryptocurrency wallet files from the infected host and sends them to the operator's C2; the extracted config above (botnet "fusa", C2 193.233.20.12:4132) identifies the campaign this sample reports to.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE (the sample writes a second executable to disk and runs it)

    • Adds Run key to start application (persistence through a registry Run key)
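The following is an added example, not part of the sandbox report, showing how the indicators above (the four file hashes, the ssdeep signature, the C2 socket) and the two behaviour signatures (dropped-EXE execution, Run-key persistence) can be turned into offline checks. The hash values and C2 are copied from the report; the firewall-style and Sysmon-style log lines are constructed for the demo and are not real telemetry, and the log formats are assumptions.

```python
"""Offline checks built from the RedLine sandbox report's indicators.

Added example, not the sandbox's or RedLine's code. Hashes and C2 come from
the report; all log lines below are constructed and the log formats assumed.
"""
import hashlib
import re

# Indicators copied from the report.
IOC_HASHES = {
    "md5": "4bb0826dcfaaa010da2f0557699b8099",
    "sha1": "b6909748f3151863b1b9dbf0e327753d913ca567",
    "sha256": "4919f49114bae68b3df35274d93a36330212fd606279a1fb9ac3f2c99f0a3731",
    "sha512": "3ca87304a1249678805725e25c612449116335376c568d27e210e41925fb8d95"
              "6d3f6ce0aecd3d49e124e478e1d9d692ccf332a07f1d085f3d6324127adc8154",
}
SSDEEP = "12288:NMrey90dn19iSvnYlSkZso6i8k71M0WGHBhxFpid4n09:/y0aSySE6i8aM0WGH3Zi+nu"
C2_HOST, C2_PORT = "193.233.20.12", 4132

HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def validate_iocs(hashes=IOC_HASHES):
    """Names of hashes that are not lowercase hex of the expected length.

    Cheap sanity check before loading indicators into a blocklist: a copy/paste
    typo otherwise silently produces an IOC that can never match.
    """
    return [name for name, value in hashes.items()
            if len(value) != HEX_LEN[name] or not re.fullmatch(r"[0-9a-f]+", value)]


def hash_bytes(data):
    """Compute the four digests the report lists for a file's contents."""
    return {name: hashlib.new(name, data).hexdigest() for name in HEX_LEN}


def match_hashes(data, hashes=IOC_HASHES):
    """Set of algorithms on which `data` equals the reported sample (empty = no match)."""
    computed = hash_bytes(data)
    return {name for name, value in hashes.items() if computed[name] == value}


def parse_ssdeep(sig):
    """Split an ssdeep signature into (block_size, chunk, double_chunk).

    The block size is the only numeric part; a fuzzy comparison with another
    file is only meaningful if the two block sizes are equal or adjacent.
    """
    block, chunk, double = sig.split(":", 2)
    return int(block), chunk, double


# Constructed firewall-style lines: one true C2 hit, the C2 host on another
# port, and an unrelated destination.
NET_LOG = [
    "2024-11-10T13:02:11Z action=allow proto=tcp src=10.20.0.15:49812 dst=193.233.20.12:4132",
    "2024-11-10T13:02:12Z action=allow proto=tcp src=10.20.0.15:49813 dst=193.233.20.12:443",
    "2024-11-10T13:02:13Z action=allow proto=tcp src=10.20.0.15:49814 dst=142.250.74.36:443",
]
DST_RE = re.compile(r"dst=(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d{1,5})\b")


def find_c2_connections(lines, host=C2_HOST, port=C2_PORT):
    """Return (line, port_matched) for every line whose destination is the C2 host.

    A hit on the host alone is still worth triage; the reported port is
    surfaced separately so the analyst can see whether the config matched exactly.
    """
    hits = []
    for line in lines:
        m = DST_RE.search(line)
        if m and m.group("ip") == host:
            hits.append((line, int(m.group("port")) == port))
    return hits


# Constructed Sysmon-style registry lines (Event ID 13 fields flattened to one
# line): a Run-key write pointing at a dropped EXE, an unrelated SetValue, and
# a delete under Run that is not persistence.
REG_LOG = [
    r"EventType: SetValue TargetObject: HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater Details: C:\Users\u\AppData\Roaming\svc.exe",
    r"EventType: SetValue TargetObject: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\App Details: 1",
    r"EventType: DeleteValue TargetObject: HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Old",
]
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(?:Once)?\\", re.IGNORECASE)


def find_run_key_writes(lines):
    """Registry SetValue lines that write under a Run or RunOnce key."""
    return [line for line in lines
            if "EventType: SetValue" in line and RUN_KEY_RE.search(line)]


if __name__ == "__main__":
    print("bad indicators:", validate_iocs())
    print("ssdeep block size:", parse_ssdeep(SSDEEP)[0])
    for line, exact in find_c2_connections(NET_LOG):
        print("C2 host hit", "(port matches)" if exact else "(other port)", line)
    for line in find_run_key_writes(REG_LOG):
        print("Run key persistence:", line)
```

Feed real file bytes to `match_hashes` and real proxy/firewall and Sysmon exports to the two `find_*` functions after adjusting the regexes to the field names your log source actually emits.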
