General

  • Target

    362b007095077605e72ecf1bd93ac3f908c0c969bd4afc2dacc71638ff96d263N

  • Size

    724KB

  • Sample

    241109-26gssatkfz

  • MD5

    960c1b8e67e7b2e7b822ba579ae418e0

  • SHA1

    22de6b9a154cc5e2d254c420435d661a89988124

  • SHA256

    362b007095077605e72ecf1bd93ac3f908c0c969bd4afc2dacc71638ff96d263

  • SHA512

    f0351ae9a6ca8d2c960368a34075d743a0ae03cea7cb8f83fc01946cb0e81c670bf3c03d4af0bff80e9bec7741db00616d99f6d07bbec0c673c895c75be82818

  • SSDEEP

    12288:AMrZy90aAAXQxwFxxu42lRtyoUlnS/88O55IPg7irHTb3E7hglEEGdq:pyJAAgx/BlWBl888O55IZTLE7h2

Malware Config

Extracted

Family

redline

Botnet

fusa

C2

193.233.20.12:4132

Attributes
  • auth_value

    a08b2f01bd2af756e38c5dd60e87e697
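The extracted config above gives two things a responder can act on immediately: the file digests (to confirm a suspect binary really is this sample) and the C2 endpoint (to sweep network logs for beacons). The following is an added example, not part of the sandbox report: the digests and the `193.233.20.12:4132` endpoint are taken from the report, while the Zeek `conn.log` records it scans are constructed, and the function and variable names are my own.

```python
"""Triage helpers for the RedLine sample described in this report.

Added example, not part of the sandbox report. The digests and the C2
endpoint are the values the report lists; the Zeek conn.log records used as
input are constructed for the example.
"""
import hashlib
import json

# Digests the report gives for the 724KB sample. ssdeep is left out: hashlib
# has no CTPH, so that comparison needs the third-party `ssdeep` package.
REPORTED = {
    "md5": "960c1b8e67e7b2e7b822ba579ae418e0",
    "sha1": "22de6b9a154cc5e2d254c420435d661a89988124",
    "sha256": "362b007095077605e72ecf1bd93ac3f908c0c969bd4afc2dacc71638ff96d263",
    "sha512": ("f0351ae9a6ca8d2c960368a34075d743a0ae03cea7cb8f83fc01946cb0e81c67"
               "0bf3c03d4af0bff80e9bec7741db00616d99f6d07bbec0c673c895c75be82818"),
}
# Extracted config: botnet "fusa" reports to this endpoint.
C2_IP, C2_PORT = "193.233.20.12", 4132


def _digest(chunks):
    """Feed every chunk to all four hashers in a single pass over the data."""
    hashers = {name: hashlib.new(name) for name in REPORTED}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data: bytes) -> dict:
    return _digest([data])


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Hash a file on disk without loading it whole (samples can be large)."""
    with open(path, "rb") as f:
        return _digest(iter(lambda: f.read(chunk_size), b""))


def matches_report(digests: dict) -> bool:
    """True only when every algorithm agrees; one mismatch means a different
    file (or a truncated download), never 'close enough'."""
    return all(digests.get(name, "").lower() == value
               for name, value in REPORTED.items())


# Constructed Zeek conn.log (JSON lines). Only the first record is a beacon to
# the reported C2 port; the third reaches the same host on a different port.
SAMPLE_CONN_LOG = """\
{"ts":1731196800.1,"id.orig_h":"10.0.0.15","id.orig_p":51234,"id.resp_h":"193.233.20.12","id.resp_p":4132,"proto":"tcp","conn_state":"SF"}
{"ts":1731196801.2,"id.orig_h":"10.0.0.15","id.orig_p":51235,"id.resp_h":"203.0.113.10","id.resp_p":443,"proto":"tcp","conn_state":"SF"}
{"ts":1731196802.3,"id.orig_h":"10.0.0.22","id.orig_p":51236,"id.resp_h":"193.233.20.12","id.resp_p":80,"proto":"tcp","conn_state":"S0"}
"""


def find_c2_connections(conn_log: str, ip: str = C2_IP, port: int = C2_PORT,
                        any_port: bool = False) -> list:
    """Return (source host, destination port, conn_state) for flows to the C2.

    any_port=True widens the match to the IP alone, which catches a panel that
    the operator has moved to another port at the cost of more noise.
    """
    hits = []
    for line in conn_log.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec.get("id.resp_h") != ip:
            continue
        if not any_port and rec.get("id.resp_p") != port:
            continue
        hits.append((rec["id.orig_h"], rec["id.resp_p"], rec.get("conn_state")))
    return hits


if __name__ == "__main__":
    print(find_c2_connections(SAMPLE_CONN_LOG))
    print(matches_report(hash_bytes(b"not the sample")))
```

Compare all four digests rather than MD5 alone: MD5 and SHA1 collisions are practical, so a match on SHA256 and SHA512 is what actually ties a file to this report. The `auth_value` is a config constant, not a network artifact, and is not used for detection here.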

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application
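The "Executes dropped EXE" and "Adds Run key to start application" signatures together describe the usual drop-and-persist pattern, but the report does not show which value name or path was written. The following is an added example, not part of the sandbox report: it parses the text that `reg export` produces for the Run keys and flags entries whose executable sits in a user-writable directory. The exported registry text is constructed, and the directory list and the `suspicious_run_entries` heuristic are my own.

```python
"""Triage helper for the "Adds Run key to start application" signature.

Added example, not part of the sandbox report. The report does not give the
value name or path the sample persists under, so the registry export below is
constructed; the parser and the user-writable-directory heuristic are mine.
"""
import re
from pathlib import PureWindowsPath

# Shape of `reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Run run.reg`.
# Real exports are UTF-16LE: open them with encoding="utf-16" before parsing.
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"Updater"="C:\\Users\\user\\AppData\\Roaming\\svc\\update.exe"
"Legacy"=dword:00000001
'''

# Path components an unprivileged dropper can write to. An autorun pointing
# here is consistent with a dropped payload, not proof; AppData\Local is also
# user-writable but hosts enough legitimate per-user installs to be left out.
USER_WRITABLE = ("roaming", "temp", "tmp", "public", "programdata", "downloads")

_KEY = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "name"=data  or  @=data (the key's default value)
_VALUE = re.compile(r'^(?:"(?P<name>(?:[^"\\]|\\.)*)"|@)=(?P<data>.*)$')


def _unescape(s: str) -> str:
    """Undo .reg escaping: \\ -> \ and \" -> " ."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg_export(text: str) -> list:
    """Return (key, value_name, string_data) for every REG_SZ value.

    dword:/hex: values are skipped: they cannot carry a command line, and
    hex(2): (REG_EXPAND_SZ) would need UTF-16 decoding this example omits.
    """
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = _KEY.match(line)
        if m:
            key = m.group("key")
            continue
        m = _VALUE.match(line)
        if not m or key is None:
            continue
        data = m.group("data")
        if not (data.startswith('"') and data.endswith('"')):
            continue
        name = m.group("name")
        name = _unescape(name) if name is not None else "(Default)"
        entries.append((key, name, _unescape(data[1:-1])))
    return entries


def executable_path(command: str) -> str:
    """First token of an autorun command line: a quoted path, else up to the
    first space (the same split the Run-key loader effectively applies)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def suspicious_run_entries(text: str) -> list:
    """Run/RunOnce values whose executable lives in a user-writable directory."""
    hits = []
    for key, name, cmd in parse_reg_export(text):
        if not key.lower().endswith(("\\currentversion\\run",
                                     "\\currentversion\\runonce")):
            continue
        parts = [p.lower() for p in PureWindowsPath(executable_path(cmd)).parts]
        if any(p in USER_WRITABLE for p in parts):
            hits.append((key, name, cmd))
    return hits


if __name__ == "__main__":
    for key, name, cmd in suspicious_run_entries(SAMPLE_REG_EXPORT):
        print(f"{key}\\{name} -> {cmd}")
```

Each flagged command line is a lead, not a verdict: hash the file it points at and compare against the report's digests before treating the host as infected, and remember that the Run key is only the persistence the sandbox observed, so a clean Run key does not clear the host.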
