General

  • Target

    8cf80e38f9c80878bcd4b791c50a3326c625c2aa4de1bc89dd06807eb2f7187b

  • Size

    723KB

  • Sample

    241111-fs6n4atfmb

  • MD5

    e4c30394132b939f3ed30d5ce54a859f

  • SHA1

    d0776883f71ff6bd048a49533150cb49e2b6e91e

  • SHA256

    8cf80e38f9c80878bcd4b791c50a3326c625c2aa4de1bc89dd06807eb2f7187b

  • SHA512

    6ee05a2fa7782e7a34571fd16383c6119a3e8113e1a97faaa1c238035f0ac951bf091e2d83764cb2d93f4c27de63f828bfcc6fb136202dcf033de28b809475a5

  • SSDEEP

    12288:YMryy90j8kWpbFCwEQf7GaVM7bR388AruIPwUk+IdX3OOx1Z/zhiEH:qyIWZEQ6uMvR388AruIloX3OCZ/zcEH

Malware Config

Extracted

Family

redline

Botnet

fusa

C2

193.233.20.12:4132

Attributes

  • auth_value

    a08b2f01bd2af756e38c5dd60e87e697

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15