General

  • Target

    a130c0c30f13bfc4e0500613230fddad81e02f17d9f7394cc204f127632dae53.exe

  • Size

    715KB

  • Sample

    241117-xywvhswkgv

  • MD5

    5b5198c70733d0587e1df6856d96107e

  • SHA1

    34a8a24767b6f0ad6be619b89521150509b2c584

  • SHA256

    a130c0c30f13bfc4e0500613230fddad81e02f17d9f7394cc204f127632dae53

  • SHA512

    1b7a9e842d3b576298addd645f39ee295d708688ce811d4c92ffaa7c0248b3fd5d2b85cb3866d7c2c0419d17c63a3f6cc4e8d5e951b43f75099b79421353bc21

  • SSDEEP

    12288:kMrky905ZGCV7O1RYwuNDnUOierwegK88SfbIPo/jMe/ChjOR0r9EyFGL521D:IyGJV7UMN4zLK88SfbI+jMe/3SREyFGm

Malware Config

Extracted

  • Family

    redline

  • Botnet

    fusa

  • C2

    193.233.20.12:4132

  • Attributes

    • auth_value

      a08b2f01bd2af756e38c5dd60e87e697

Targets

    • Target

      a130c0c30f13bfc4e0500613230fddad81e02f17d9f7394cc204f127632dae53.exe

    • Size

      715KB

    • MD5

      5b5198c70733d0587e1df6856d96107e

    • SHA1

      34a8a24767b6f0ad6be619b89521150509b2c584

    • SHA256

      a130c0c30f13bfc4e0500613230fddad81e02f17d9f7394cc204f127632dae53

    • SHA512

      1b7a9e842d3b576298addd645f39ee295d708688ce811d4c92ffaa7c0248b3fd5d2b85cb3866d7c2c0419d17c63a3f6cc4e8d5e951b43f75099b79421353bc21

    • SSDEEP

      12288:kMrky905ZGCV7O1RYwuNDnUOierwegK88SfbIPo/jMe/ChjOR0r9EyFGL521D:IyGJV7UMN4zLK88SfbI+jMe/3SREyFGm

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks