General

  • Target

    7e41e4fa8bcf767005dd15b35ad8d4a970902cbeee448be478355be6c0001419

  • Size

    200KB

  • Sample

    241118-b6f85szner

  • MD5

    e941afe5e63ec9b759b5ee8454911217

  • SHA1

    a7f3a5d0666d7c8936626cc964236a54d7150527

  • SHA256

    7e41e4fa8bcf767005dd15b35ad8d4a970902cbeee448be478355be6c0001419

  • SHA512

    43fa0cdd3f7aa29bc720328b184340a8fadf7d56ddb129f9cbd5c3a5c2881b61d585ef6c5dc288ba6c2bb63b00b70a52a77a93ede4fa68d0886d714834f7519e

  • SSDEEP

    3072:KTy+bnr+O1w5GWp1icKAArDZz4N9GhbkrNEk61zacxnKSfSyxAlY7:KTy+bnr+vp0yN90QEHzZxnKSnt

Malware Config

Extracted

Family

redline

Botnet

fusa

C2

193.233.20.12:4132

Attributes

  • auth_value

    a08b2f01bd2af756e38c5dd60e87e697

Targets

    • Target

      7e41e4fa8bcf767005dd15b35ad8d4a970902cbeee448be478355be6c0001419

    • Size

      200KB

    • MD5

      e941afe5e63ec9b759b5ee8454911217

    • SHA1

      a7f3a5d0666d7c8936626cc964236a54d7150527

    • SHA256

      7e41e4fa8bcf767005dd15b35ad8d4a970902cbeee448be478355be6c0001419

    • SHA512

      43fa0cdd3f7aa29bc720328b184340a8fadf7d56ddb129f9cbd5c3a5c2881b61d585ef6c5dc288ba6c2bb63b00b70a52a77a93ede4fa68d0886d714834f7519e

    • SSDEEP

      3072:KTy+bnr+O1w5GWp1icKAArDZz4N9GhbkrNEk61zacxnKSfSyxAlY7:KTy+bnr+vp0yN90QEHzZxnKSnt

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks