General

  • Target

    177397ad62413fc008bd3836d10109abed11c001b42bb4be9d359be2ebb05793

  • Size

    567KB

  • Sample

    230506-zfzvkaeg9v

  • MD5

    9997fd3175f50c1e35624662175bdbd6

  • SHA1

    34ba74cf508783b78f63dd70c791b8aad0dca1bb

  • SHA256

    177397ad62413fc008bd3836d10109abed11c001b42bb4be9d359be2ebb05793

  • SHA512

    477b5b154f7e0ad8babadd13755af0aaed4ce23180cfa0fd03c752e7272e88f16bba233f80b8987c325d31fbcf74ded1a81dee0088970fbf6ac8bdf10753b81c

  • SSDEEP

    12288:5MrZy90GIn3fD4C9ePFiV0BgJm6iWGcZPi4RS4hT8UBlu:Yyk3fDDec0BgE6iWXZqMSsTnS

Malware Config

Extracted

  • Family

    redline

  • Botnet

    darm

  • C2

    217.196.96.56:4138

  • Attributes

    auth_value: d88ac8ccc04ab9979b04b46313db1648

Targets

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
