General

  • Target

    62137d2373f8b506e9be61d29c8b61e026d664708dcf39c9aa43cb8e0fc4ad82

  • Size

    478KB

  • Sample

    241110-w92dpssgmf

  • MD5

    772a058a291bb8e7e73081a4504bdeba

  • SHA1

    6b798ceb73d7e516b5b27d2d5b4e53cd4bd49a31

  • SHA256

    62137d2373f8b506e9be61d29c8b61e026d664708dcf39c9aa43cb8e0fc4ad82

  • SHA512

    ec5bfa12ea19fb9ba2f18fb706ed056a4646def21111d4145e5c61dae562bfdf7796a8e1e2822e16f68dc7c1f63c9d8b8b3a608ed2356175afb99b023513c662

  • SSDEEP

    12288:EMrfy90arzAf5VETaIPK3TMMZNHespFwi:LyNzOVETaakMMZN+Cj

Malware Config

Extracted

Family

redline

Botnet

fusa

C2

193.233.20.12:4132

Attributes

  • auth_value

    a08b2f01bd2af756e38c5dd60e87e697

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15