General
Target: e4a94d95c0af5a7082f90904e577ab04.bin
Size: 2.4MB
Sample: 240104-cfxc4sehar
MD5: e6a0594d4a40f1932d393224e7b93e61
SHA1: a0a60e0d3e276e90c5c759ddb30ed04c724ac013
SHA256: 6f968602f98f3ba702beb27c117e7ea2824517006d01234d8b216055e1f29273
SHA512: 881748200d7d1b0956abe207ffd20bf0b1a74a5a16f2b5d9c08dc8936e09d8d64d9fce42c7af4aab5e4a09ac3f037b8ff602df54eb3bf3cefd3b4c83f002ff06
SSDEEP: 49152:tVF+ZWAGBI5T+UD4QCgMy98fKTb+ChCY68rVh0LQHVq9RQgvv0GXjxXpdRCc:vF+ZWzBkne5y92mHCkBmLpQg0KjxZdoc

Static task: static1

Behavioral task: behavioral1
Sample: 124d756a655a6c4338f61ec8f43551dce23078e04d51ca4c03ca34f5df66af27.exe
Resource: win7-20231129-en

Behavioral task: behavioral2
Sample: 124d756a655a6c4338f61ec8f43551dce23078e04d51ca4c03ca34f5df66af27.exe
Resource: win10v2004-20231222-en

Malware Config
Extracted
Family: redline
Botnet: 777
C2: 195.20.16.103:20440

Targets
Target: 124d756a655a6c4338f61ec8f43551dce23078e04d51ca4c03ca34f5df66af27.exe
Size: 2.5MB
MD5: e4a94d95c0af5a7082f90904e577ab04
SHA1: b2c6961b3f7e3c5fe0fe86743a3360633ab2c200
SHA256: 124d756a655a6c4338f61ec8f43551dce23078e04d51ca4c03ca34f5df66af27
SHA512: 3158b5f2e80e2bf1312e88cf43e1754068f0a28f620cbf09e1945e820796aadc39bf0dca04ea7d150aa167aa1bd08945980d6cc5602ac6593e9fd08ec6b9c44d
SSDEEP: 49152:hAcs6KxDps2x208AjgcbniYA5Ml2CgUBe+82POGAPmtnDguqFfzBk:OdtstrAjgcbiYx2rAZWJ4Uuq9+
Score: 10/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Modifies Windows Firewall
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Create or Modify System Process (1)
  - Windows Service (1)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)