General

  • Target

    e3b51398eceb66bfb64296684bb674a82d8b123fd6649178c43ac7a134856209

  • Size

    719KB

  • Sample

    241111-aaak2sybmd

  • MD5

    04f14ef0d5b5bbe0d8bc11e44835da37

  • SHA1

    b54256ab3f2efb9821f19ed5826edd6abfad0d0b

  • SHA256

    e3b51398eceb66bfb64296684bb674a82d8b123fd6649178c43ac7a134856209

  • SHA512

    57c2b039e3cf9c1db78ada2c91e723834d261825d0de19f7c8d3f3439fd99cd4618073f0a3c740e37c50d2ccd8016f730fe7ba2e3974040d44ae9bf033be130c

  • SSDEEP

    12288:AMrJy90dp3VccQYG3vvD/WlofOlGz88MPgIPRn+ojAzA7h3FoDeYZ:ZyQp3VcflnDOqR88MPgIJn7szA7zyD

Malware Config

Extracted

Family

redline

Botnet

fusa

C2

193.233.20.12:4132

Attributes
  • auth_value

    a08b2f01bd2af756e38c5dd60e87e697
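
Worked example (added here; it is not part of the sandbox report and not RedLine's own code): a small Python hunt that takes the C2 and hashes from the config above and (1) flags flows to that C2 in a Zeek conn.log export, (2) checks a candidate file against the report's hashes. The IOC values are copied from the report; the conn.log lines, the uids and the benign 203.0.113.10 flow are constructed for the example.

```python
"""Added example (not from the Triage report): hunt this RedLine sample's C2
in a Zeek conn.log export and verify a candidate file against the report's
hashes.  IOC values come from the report above; the log lines are constructed."""
import hashlib

C2_HOST = "193.233.20.12"          # from the report's Malware Config (botnet "fusa")
C2_PORT = 4132
REPORT_HASHES = {                   # from the report's General section
    "md5": "04f14ef0d5b5bbe0d8bc11e44835da37",
    "sha1": "b54256ab3f2efb9821f19ed5826edd6abfad0d0b",
    "sha256": "e3b51398eceb66bfb64296684bb674a82d8b123fd6649178c43ac7a134856209",
}


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of a file's bytes as lowercase hex, same fields as the report."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes) -> bool:
    """True only when every hash in the report matches.  A mismatch means a
    different file; repacked builds carrying the same RedLine config are common,
    so a hash miss does not clear the host, only this exact sample."""
    return file_hashes(data) == REPORT_HASHES


# Constructed Zeek conn.log excerpt (TSV with Zeek's #fields header).
SAMPLE_CONN_LOG = """\
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\torig_bytes\tresp_bytes\tconn_state
1731300001.10\tCabc1\t10.0.0.25\t49812\t193.233.20.12\t4132\ttcp\t-\t12.5\t4820\t1130\tSF
1731300003.40\tCabc2\t10.0.0.25\t49815\t203.0.113.10\t443\ttcp\tssl\t0.9\t2100\t8800\tSF
1731300007.20\tCabc3\t10.0.0.31\t51022\t193.233.20.12\t443\ttcp\t-\t0.2\t0\t0\tS0
"""


def parse_conn_log(text: str) -> list:
    """Parse Zeek's TSV conn.log by its #fields header; other # lines are metadata."""
    fields, rows = None, []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line.startswith("#") or not line.strip():
            continue
        else:
            if fields is None:
                raise ValueError("conn.log has no #fields header")
            rows.append(dict(zip(fields, line.split("\t"))))
    return rows


def find_c2_connections(conn_log: str, host: str = C2_HOST, port: int = C2_PORT) -> list:
    """Flag flows to the C2.  An exact host:port hit is high confidence; the same
    host on another port is reported at medium confidence, because panels are
    often re-bound to a new port while the IP is kept."""
    hits = []
    for row in parse_conn_log(conn_log):
        if row["id.resp_h"] != host:
            continue
        exact = int(row["id.resp_p"]) == port
        hits.append({
            "uid": row["uid"],
            "src": row["id.orig_h"],
            "dst": f'{row["id.resp_h"]}:{row["id.resp_p"]}',
            "confidence": "high" if exact else "medium",
            # conn_state S0 = SYN only, no reply: the panel is down or filtered,
            # but the beacon attempt is still evidence that something on the
            # source host is trying to reach it.
            "completed": row["conn_state"] != "S0",
        })
    return hits


if __name__ == "__main__":
    for hit in find_c2_connections(SAMPLE_CONN_LOG):
        print(hit)
    print("constructed bytes match report:", matches_report(b"not the sample"))
```

Run it against a real export with `find_c2_connections(open("conn.log").read())`; the same parser works for any Zeek TSV log because it reads the field names from the header rather than assuming positions.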

Targets

    • RedLine

      RedLine Stealer is an information stealer written in C# (.NET), first seen in early 2020. It harvests browser credentials and cookies, cryptocurrency wallet data and system information and sends them to the configured C2.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Adds Run key to start application (persistence through a CurrentVersion\Run registry value)
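
Worked example for the Run-key signature (added here; not code from the report or from RedLine): a triage check that parses a `reg export` of the HKCU Run key and flags autostart commands whose executable lives in a user-writable location, which is where a dropped stealer payload would normally land. The `.reg` text, the value names and the paths are constructed; the report does not say which value name or path this sample used.

```python
"""Added example (not from the Triage report): triage Run-key persistence of the
kind the "Adds Run key to start application" signature reports.  The .reg text
below is a constructed `reg export` of the HKCU Run key, not data from the sample."""
import re
from pathlib import PureWindowsPath

RUN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"

# Constructed export.  In .reg syntax backslashes are doubled and embedded
# quotes are written as \" ; the raw string keeps that escaping intact.
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"
"Updater"="C:\\Users\\victim\\AppData\\Roaming\\svc\\update.exe"
"Helper"="\"C:\\Users\\victim\\AppData\\Local\\Temp\\2f1a.exe\" -s"
"""

# Directory components a standard user can write to without elevation.
USER_WRITABLE_MARKERS = ("appdata", "temp", "public", "programdata", "downloads")

_REG_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def _unescape(s: str) -> str:
    """Undo .reg escaping: \\ -> \ and \" -> "."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg_values(reg_text: str, key: str) -> dict:
    """Return the REG_SZ values under `key` from a .reg export as {name: data}."""
    values, in_key = {}, False
    for line in reg_text.splitlines():
        if line.startswith("["):
            in_key = line.strip("[]").lower() == key.lower()
            continue
        m = _REG_VALUE.match(line) if in_key else None
        if m:
            values[_unescape(m.group(1))] = _unescape(m.group(2))
    return values


def executable_path(command: str) -> str:
    """Executable of an autostart command: the quoted path if present, else the
    first space-delimited token.  Unquoted paths containing spaces are ambiguous
    (Windows tries each prefix in turn), so treat those results as best effort."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def is_user_writable(path: str) -> bool:
    """True when any path component is a user-writable location marker."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    return any(marker in parts for marker in USER_WRITABLE_MARKERS)


def suspicious_run_entries(reg_text: str) -> list:
    """Run-key values that start a binary from a user-writable path."""
    findings = []
    for name, command in parse_reg_values(reg_text, RUN_KEY).items():
        exe = executable_path(command)
        if is_user_writable(exe):
            findings.append({"name": name, "exe": exe,
                             "reason": "autostart from user-writable path"})
    return findings


if __name__ == "__main__":
    for finding in suspicious_run_entries(SAMPLE_REG_EXPORT):
        print(finding)
```

On a live host the input comes from `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" run.reg /y`; check the HKLM Run and RunOnce keys the same way by changing RUN_KEY. A hit is a lead, not a verdict: hash the flagged executable and compare it with the report before treating it as this sample.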

MITRE ATT&CK Enterprise v15

  • Persistence: Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (T1547.001), mapped from the "Adds Run key to start application" signature above.