General

  • Target

    b92ad5e58df2ca2fabacc0f54c5b925912ab58095c81f7a58f1a20b63d8956ab.exe

  • Size

    200KB

  • Sample

    241117-wfr8yavgkq

  • MD5

    32f857011d83e7cf82aa66ef66e5dc7e

  • SHA1

    44b0efa7474e92dc29d3d4a307154d618e1d2622

  • SHA256

    b92ad5e58df2ca2fabacc0f54c5b925912ab58095c81f7a58f1a20b63d8956ab

  • SHA512

    1ceed778f1bbd9c1c1eedb41cc685387048113584ce1445a8ba9f71e7c569791d7da7d4948ba526cb997ccab9cd4a89426f7d3927721133e3aafd6b27911ff23

  • SSDEEP

    3072:K3y+bnr+O105GWp1icKAArDZz4N9GhbkrNEk6zzacxnKSfSyxplY7h:K3y+bnr+Tp0yN90QERzZxnKSns1

Malware Config

Extracted

  • Family

    redline

  • Botnet

    fusa

  • C2

    193.233.20.12:4132

  • Attributes

    auth_value: a08b2f01bd2af756e38c5dd60e87e697

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks