General

  • Target: 3b07b9c752b1da9234cadd0f6bbcf9a03a03e518605632e3d2991f9f4f6cee5c
  • Size: 566KB
  • Sample: 230506-z9v4gahh6t
  • MD5: 5bea3d01474e5e8cd7222f54972dbbd7
  • SHA1: f1e4941abae4017a5bbc8c969eaf83f3b7910feb
  • SHA256: 3b07b9c752b1da9234cadd0f6bbcf9a03a03e518605632e3d2991f9f4f6cee5c
  • SHA512: a5ee2c78b121ec114b3b2ebd81f10416ab9f1ac862ddbf54798f0814a804ae23d85cd33131ff6778738552d67b1db69fd15ce1f019d66db27ec9be7aa173a9f6
  • SSDEEP: 12288:uMrdy90a53UFQM1HUg1eEu8+Z8bUkLAjpMfHm:jyhEFRJUP8+bAqcHm

Malware Config

Extracted

  • Family: redline
  • Botnet: darm
  • C2: 217.196.96.56:4138
  • Attributes
    • auth_value: d88ac8ccc04ab9979b04b46313db1648

Targets

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6