General

  • Target

    c036777b1468d10cc5d88590e62b4bd55676b5e15e3a372a3b2659b6b814c01c

  • Size

    477KB

  • Sample

    241111-ee4rxascpr

  • MD5

    2ac7f536593753f4b39b90f6bf5de9be

  • SHA1

    9abe059f98e06e28800570e1dd8ab2b06bf94b62

  • SHA256

    c036777b1468d10cc5d88590e62b4bd55676b5e15e3a372a3b2659b6b814c01c

  • SHA512

    74987a7189a876f2a9e046302106f794b601f9b3d077d32eb9212c5121b262ff839bb8e3196cc3bdc04aec4ee8b4071e266b14253f338667cd4daab8e0b70b5e

  • SSDEEP

    12288:lMrgy904tQiusV3GcD2yQQi62xTx5lsFbp:9yxjrVWo9Yl/sVp

Malware Config

Extracted

  • Family

    redline

  • Botnet

    fusa

  • C2

    193.233.20.12:4132

  • Attributes

    • auth_value

      a08b2f01bd2af756e38c5dd60e87e697

Targets

    • Target

      c036777b1468d10cc5d88590e62b4bd55676b5e15e3a372a3b2659b6b814c01c

    • Size

      477KB

    • MD5

      2ac7f536593753f4b39b90f6bf5de9be

    • SHA1

      9abe059f98e06e28800570e1dd8ab2b06bf94b62

    • SHA256

      c036777b1468d10cc5d88590e62b4bd55676b5e15e3a372a3b2659b6b814c01c

    • SHA512

      74987a7189a876f2a9e046302106f794b601f9b3d077d32eb9212c5121b262ff839bb8e3196cc3bdc04aec4ee8b4071e266b14253f338667cd4daab8e0b70b5e

    • SSDEEP

      12288:lMrgy904tQiusV3GcD2yQQi62xTx5lsFbp:9yxjrVWo9Yl/sVp

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks