Overview

overview

10

Static

static

3

baca132ca9...24.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    baca132ca9a5d9a9a1c0c6717566f23e768008f38a7f02289d6741f834431624

  • Size

    539KB

  • Sample

    241111-a6q8nssjem

  • MD5

    fbd9019b2e7bc96585548fc9d22a12f2

  • SHA1

    61b71be90aaa5be176c7f11eabf8ac439f07894f

  • SHA256

    baca132ca9a5d9a9a1c0c6717566f23e768008f38a7f02289d6741f834431624

  • SHA512

    6e1e43820b00b0d34d51e4b06a57514f7fcbf16760e01c0fc712bf4f9c956d2bc5d6f517d0c0613df58396b533e9a22274565cdd56caaa43b11d89de596ed0ce

  • SSDEEP

    12288:pMrVy90TFkG5wyNN0uf/nx9RWxYZ0GESMkBRi:8yc5jNSuXXHWCY

Score
10/10
redlinefusadiscoveryinfostealerpersistence

Malware Config

Extracted

Family

redline

Botnet

fusa

C2

193.233.20.12:4132

Attributes
  • auth_value

    a08b2f01bd2af756e38c5dd60e87e697

Targets

    • Target

      baca132ca9a5d9a9a1c0c6717566f23e768008f38a7f02289d6741f834431624

    • Size

      539KB

    • MD5

      fbd9019b2e7bc96585548fc9d22a12f2

    • SHA1

      61b71be90aaa5be176c7f11eabf8ac439f07894f

    • SHA256

      baca132ca9a5d9a9a1c0c6717566f23e768008f38a7f02289d6741f834431624

    • SHA512

      6e1e43820b00b0d34d51e4b06a57514f7fcbf16760e01c0fc712bf4f9c956d2bc5d6f517d0c0613df58396b533e9a22274565cdd56caaa43b11d89de596ed0ce

    • SSDEEP

      12288:pMrVy90TFkG5wyNN0uf/nx9RWxYZ0GESMkBRi:8yc5jNSuXXHWCY

    Score
    10/10
    redlinefusadiscoveryinfostealerpersistence

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Redline family

      redline

    • Executes dropped EXE

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks