General

  • Target

    4ed08dc082370d7b33a2aa64b418c1686cbd2d0198b501e00dccab7dedf9f160

  • Size

    261KB

  • Sample

    241109-za6qxs1kax

  • MD5

    a1bcc7a0c789d1d3e92c5142d3440205

  • SHA1

    66c282d1587a181e460b5aff3240e32639f2247b

  • SHA256

    4ed08dc082370d7b33a2aa64b418c1686cbd2d0198b501e00dccab7dedf9f160

  • SHA512

    a18dcf883e70cbd2885ac0cb348398d06f631edeee84eb1bf17ed4c5b69a5aa5a85a59eed89a13a22665781145302ea7d1a56ba5d6270db1e3eb64e182f84777

  • SSDEEP

    6144:jC8iSJQYbcA/fq+fe6hmu4a4nnlXyUrIA0:OlSeYbvKb6c9nlXj0

Malware Config

Extracted

  • Family

    redline

  • Botnet

    cspace

  • C2

    clitspace.com:80

  • Attributes

    auth_value: aa25c0a7500ac071e2027483d14b1d31

Targets

    • Target

      9df9fedac09a927e5cb60bcdca9495e6402b8c0328ad0037b7e3c3c63150dfdd

    • Size

      400KB

    • MD5

      73cda9ae7da8c31ba6bd2f056a1646ad

    • SHA1

      a5447b948ed9b15cd9cc76894e976630c122c23e

    • SHA256

      9df9fedac09a927e5cb60bcdca9495e6402b8c0328ad0037b7e3c3c63150dfdd

    • SHA512

      a7aab56c2e27270246d19cc5ea35122516f122c79cebe68109adc5d3342ee55c87111e55c934a58d066314924fa55fb4586448428bfadd6ee24a89f945f40272

    • SSDEEP

      12288:iL8brvbXOD2zhhQ58QA34Vggsp6bV2rB5V:C2fXOq1h/QFVMp6bV

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

MITRE ATT&CK Enterprise v15