General

  • Target

    5c3af2a9e1a953b8c03c97c7d23ad794d5fb0e8a035cac95da321d7055b16793.exe

  • Size

    738KB

  • Sample

    241118-ne4lkswbml

  • MD5

    d976b76a3b7e99ca87e18679a86ee1d4

  • SHA1

    e1d3be6ccf495b24b7553e22f2823212b1e4b520

  • SHA256

    5c3af2a9e1a953b8c03c97c7d23ad794d5fb0e8a035cac95da321d7055b16793

  • SHA512

    f8a4538dd936c78d70d07211ea4d81b547474b2d5ee4d1b4d5427322accfb86d8e24955ab1c13e4abe93f9453ff7ee8a05991984e8046b3339893fad7420da48

  • SSDEEP

    12288:hMr+y90dL6VBPScvwWD2B6uG8+R88QRRIPFpUx6DRYFF97FtzRf5w:LyxVlGK7R88QRRIjUx6DRiffFxw

Malware Config

Extracted

Family

redline

Botnet

fusa

C2

193.233.20.12:4132

Attributes
  • auth_value

    a08b2f01bd2af756e38c5dd60e87e697

Targets

    • Target

      5c3af2a9e1a953b8c03c97c7d23ad794d5fb0e8a035cac95da321d7055b16793.exe

    • Size

      738KB

    • MD5

      d976b76a3b7e99ca87e18679a86ee1d4

    • SHA1

      e1d3be6ccf495b24b7553e22f2823212b1e4b520

    • SHA256

      5c3af2a9e1a953b8c03c97c7d23ad794d5fb0e8a035cac95da321d7055b16793

    • SHA512

      f8a4538dd936c78d70d07211ea4d81b547474b2d5ee4d1b4d5427322accfb86d8e24955ab1c13e4abe93f9453ff7ee8a05991984e8046b3339893fad7420da48

    • SSDEEP

      12288:hMr+y90dL6VBPScvwWD2B6uG8+R88QRRIPFpUx6DRYFF97FtzRf5w:LyxVlGK7R88QRRIjUx6DRiffFxw

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks