General

  • Target

    82f9b2394fea9ad6d1b03abcfefc64675d43d2899db26c2559082df39a1028f6

  • Size

    550KB

  • Sample

    241110-zra1ksvgme

  • MD5

    7ba4cc772d64e455424a7696af145f1b

  • SHA1

    e60436894e26b26baee81cc758d3e00d48e100a6

  • SHA256

    82f9b2394fea9ad6d1b03abcfefc64675d43d2899db26c2559082df39a1028f6

  • SHA512

    ac08d3171f836da333cbd869957e333383d1c29962f1ba0c148d44ddf6dbdb0a3333384091c059a41fa0d14db3fc20dac82a712020ead1ea7db32e0959c46500

  • SSDEEP

    12288:wMrty906iDZzZ+uY7pwdAT8vUZ3jr+yC63egbtud:NyrkZFs7pwd9Qjr+HYbbcd

Malware Config

Extracted

  • Family

    redline

  • Botnet

    fusa

  • C2

    193.233.20.12:4132

  • Attributes

    auth_value: a08b2f01bd2af756e38c5dd60e87e697

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks