Overview

overview

10

Static

static

3

ffca1ddbff...91.exe

windows7-x64

10

ffca1ddbff...91.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ffca1ddbff9f0e7f4644f987dff8916533aa56fb66d71ed4cb87c9cabd2f8e91

  • Size

    1.5MB

  • Sample

    230507-kzl1gseh3t

  • MD5

    2f500d17337e9e612d6673e05ad272d6

  • SHA1

    cecba24029cff3333bbfc6ee1dc2eff8deffa086

  • SHA256

    ffca1ddbff9f0e7f4644f987dff8916533aa56fb66d71ed4cb87c9cabd2f8e91

  • SHA512

    e3680ed43050fc2f3c7f228a10e64c633f16971b56d92e5f28ba2964845ec855a0032b36d90185f40707334d9eedf0e93061cc0f489d5fc03b5e1deb71f0859c

  • SSDEEP

    24576:hyFfCkL4o+fHTkGnYu7KNBvneXVjKgq8ozWIKcKXnI75gp2GW0wmqO8vulVFwDxP:U5Cftz9oBveljKgqZ/fdChW3yjFwVpdd

Score
10/10
redlinemostinfostealerpersistencestealer

Malware Config

Extracted

Family

redline

Botnet

most

C2

185.161.248.73:4164

Attributes
  • auth_value

    7da4dfa153f2919e617aa016f7c36008

Targets

    • Target

      ffca1ddbff9f0e7f4644f987dff8916533aa56fb66d71ed4cb87c9cabd2f8e91

    • Size

      1.5MB

    • MD5

      2f500d17337e9e612d6673e05ad272d6

    • SHA1

      cecba24029cff3333bbfc6ee1dc2eff8deffa086

    • SHA256

      ffca1ddbff9f0e7f4644f987dff8916533aa56fb66d71ed4cb87c9cabd2f8e91

    • SHA512

      e3680ed43050fc2f3c7f228a10e64c633f16971b56d92e5f28ba2964845ec855a0032b36d90185f40707334d9eedf0e93061cc0f489d5fc03b5e1deb71f0859c

    • SSDEEP

      24576:hyFfCkL4o+fHTkGnYu7KNBvneXVjKgq8ozWIKcKXnI75gp2GW0wmqO8vulVFwDxP:U5Cftz9oBveljKgqZ/fdChW3yjFwVpdd

    Score
    10/10
    redlinemostinfostealerpersistencestealer

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

      stealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks