General

  • Target

    caf9c5b198cf0ab2ee8befb9c3b4243aad201acbb1e0771973a4371add35eb89N.exe

  • Size

    200KB

  • Sample

    241119-am9wnssrdp

  • MD5

    9c62ddd45dc039130da7d900eb3d4840

  • SHA1

    e2c195d67561e59223fa51fafdb9bb6b75f61f60

  • SHA256

    caf9c5b198cf0ab2ee8befb9c3b4243aad201acbb1e0771973a4371add35eb89

  • SHA512

    dcd2ffc70d48c96aab934076de9ef51d4f25c61133fc0fd44c666ad2451bbc48a46ed44ad665839de908391e6375bcc889523e145f774acebc08a85d68f867b4

  • SSDEEP

    3072:K3y+bnr+O105GWp1icKAArDZz4N9GhbkrNEk6zzacxnKSfSyxplY7:K3y+bnr+Tp0yN90QERzZxnKSns

Malware Config

Extracted

  • Family

    redline

  • Botnet

    fusa

  • C2

    193.233.20.12:4132

  • Attributes

    • auth_value

      a08b2f01bd2af756e38c5dd60e87e697

Targets

    • Target

      caf9c5b198cf0ab2ee8befb9c3b4243aad201acbb1e0771973a4371add35eb89N.exe

    • Size

      200KB

    • MD5

      9c62ddd45dc039130da7d900eb3d4840

    • SHA1

      e2c195d67561e59223fa51fafdb9bb6b75f61f60

    • SHA256

      caf9c5b198cf0ab2ee8befb9c3b4243aad201acbb1e0771973a4371add35eb89

    • SHA512

      dcd2ffc70d48c96aab934076de9ef51d4f25c61133fc0fd44c666ad2451bbc48a46ed44ad665839de908391e6375bcc889523e145f774acebc08a85d68f867b4

    • SSDEEP

      3072:K3y+bnr+O105GWp1icKAArDZz4N9GhbkrNEk6zzacxnKSfSyxplY7:K3y+bnr+Tp0yN90QERzZxnKSns

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks