General
-
Target
2dc65011521e7ad60108888f5371fb028a91e927b1073cb9289f80fd02ee1763
-
Size
10.6MB
-
Sample
240513-j4ksjsdg7v
-
MD5
387c73cb1f4e970fc0badc84a7a92146
-
SHA1
56cac9b8e358fe36dd32e8602f20c4fa1420ad17
-
SHA256
2dc65011521e7ad60108888f5371fb028a91e927b1073cb9289f80fd02ee1763
-
SHA512
b6dbf337a1fe5ef33ffd83d88ea46d7aff405f045423b11d0652fa848e85dc57e66b9465844223256d0d96bba6e572653874066425f262efa7f06d641b8bc639
-
SSDEEP
196608:0Y5C0hXFxHNR+z+2hf5ZYK28isQ3WYNb9npmcXjTIInqIBLcQF7zmNfVwhToyV7s:0Y5C0hRRqhhWK2DcYvAcHzX2Vwh8YanB
Malware Config
Extracted
redline
divan
217.196.96.102:4132
-
auth_value
b414986bebd7f5a3ec9aee0341b8e769
Extracted
amadey
3.86
http://77.91.68.61
-
install_dir
925e7e99c5
-
install_file
pdates.exe
-
strings_key
ada76b8b0e1f6892ee93c20ab8946117
-
url_paths
/rock/index.php
Extracted
redline
lande
77.91.124.84:19071
-
auth_value
9fa41701c47df37786234f3373f21208
Extracted
redline
mufos
217.196.96.102:4132
-
auth_value
136f202e6569ad5815c34377858a255c
Extracted
redline
masha
77.91.68.48:19071
-
auth_value
55b9b39a0dae383196a4b8d79e5bb805
Extracted
redline
breha
77.91.124.55:19071
Extracted
redline
lamp
77.91.68.56:19071
-
auth_value
ee1df63bcdbe3de70f52810d94eaff7d
Extracted
amadey
3.85
http://77.91.68.3
-
install_dir
3ec1f323b5
-
install_file
danke.exe
-
strings_key
827021be90f1e85ab27949ea7e9347e8
-
url_paths
/home/love/index.php
Extracted
redline
nasa
77.91.68.68:19071
-
auth_value
6da71218d8a9738ea3a9a78b5677589b
Extracted
redline
5345987420
https://pastebin.com/raw/NgsUAPya
Extracted
redline
krast
77.91.68.68:19071
-
auth_value
9059ea331e4599de3746df73ccb24514
Targets
-
-
Target
1668096fbfea278168a053bdb5fffa557e8bf8afd9b1ea6f4de43adb16c9cd95
-
Size
479KB
-
MD5
7f49fbad9deac685128f491544e5c1ce
-
SHA1
36cf42fed2202916054385cc7e211b72fc291bcc
-
SHA256
1668096fbfea278168a053bdb5fffa557e8bf8afd9b1ea6f4de43adb16c9cd95
-
SHA512
39be089403bd511409164f64ae11e994dcf767d295dddf7436603c49e6e5715d149e7b529b074b04caec7bdd223fd01a62aad7936e21c1689e1daf87059ddacc
-
SSDEEP
12288:TMrSy90laaW4gICwq90wpMWmgPLlzJkW4IRQRiXMZpZ:NyahW4gICPrTmshCWVhcZpZ
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
2159151861e461f2ae831fef44ef4a519defe4741536ef19cc47163f7504ce2d
-
Size
479KB
-
MD5
6e781f1e4a262ee83b43f80fe97bd5c5
-
SHA1
41cb282926f44cf675588fc7a1786d507835faf2
-
SHA256
2159151861e461f2ae831fef44ef4a519defe4741536ef19cc47163f7504ce2d
-
SHA512
a98e68d010b7c0f77d6ace5d3162e3216f07022426d661211c077391d11d8dd09ebd4fecd37c696bc4574ab12ef4b9513ae2988479fd7200307f57a74fc01cec
-
SSDEEP
12288:UMruy90kvTNQ6sxa8OHz6Relk06eJrf3Gd6xDLu:6yFNUOHz6RelXr2aLu
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
22c5bd0a3e3c03e512f45c0ebd81b9cf7695279360a1c40cec90cf3efea5f219
-
Size
390KB
-
MD5
719e6ea06a5fac6ac3a3730e45fd1b75
-
SHA1
fa45885b397266a12ceb20cd060f70fd0f2e4b1f
-
SHA256
22c5bd0a3e3c03e512f45c0ebd81b9cf7695279360a1c40cec90cf3efea5f219
-
SHA512
3c3e4348ad6d76094f65dd34ba3b659b405f058aff738b43a27c87264a3ee706443e484cb1221326bc0ffcc641008c3c7fa0f81a81fd1192d7527ada3eaa30d5
-
SSDEEP
12288:VMrqy90GeXkEY3eepM9CcrGdRcHnl9yUBQJ:Py9VEY3sC5mHs
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
2a0ae333a9b72768e8a05e7ebbfe4b15cf581f8c08129c0639aeed58eaf7901a
-
Size
333KB
-
MD5
70b649dc98496fdd95d3c31dd28c8a96
-
SHA1
8ac9a901047426fcaec73a4fa061b85ab28a378a
-
SHA256
2a0ae333a9b72768e8a05e7ebbfe4b15cf581f8c08129c0639aeed58eaf7901a
-
SHA512
5a3c19ceee7df6d988bb3ad15c6242820629da8c941f69773f30fc7491a63629f6b1cfc603b2167b04ddbb85d304c1938b3f0d6f1af89af468a6ab5fb0ad873a
-
SSDEEP
6144:R1RwZfFQDiioMvzATd5W0jbSXRYyghzqjjjjjjjfMNV4iJBcp+0Xp:R/zDiioMvzA+iyg9qjjjjjjjf+V4iJB+
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-
-
-
Target
4f86d48b3d0bdaa6f4d6e224cb3d78d45d0e5ff02992de35aad4053a747106df
-
Size
390KB
-
MD5
7b950b64ac08857b3deccaaa87a316a0
-
SHA1
9235f96b6b4b5c37b581556dadfa30dbce857034
-
SHA256
4f86d48b3d0bdaa6f4d6e224cb3d78d45d0e5ff02992de35aad4053a747106df
-
SHA512
41ffa8e9e51b67eff9f36c16cca9df10f7b2b71f6cee51fff1efed0e81b5a07c334c2616957258fa150192333cce87dd23459764e86e302d61325619c420766b
-
SSDEEP
6144:KMy+bnr+lp0yN90QEQ7y6KGyF4tgKY4Jrovv90vgBZ+t4UD9AT8sJeQ:0Mr9y90AyeVY46vv0gBYCU3sJZ
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
53ecffef24ddea22780ff63e0224bd9c1bf9d8533760949fff138bd5c432ce36
-
Size
389KB
-
MD5
721cdf94a8e81b489d510d66052c869e
-
SHA1
57c76085e66f4dabbcd3a06f782688f323722642
-
SHA256
53ecffef24ddea22780ff63e0224bd9c1bf9d8533760949fff138bd5c432ce36
-
SHA512
1f2a7bb699d0b71a7b96d1fbe71209762c008372a5780e2eb944d45a0261b4f2f9053553b34f5682125a39e4118f11d78a63ad3ef95d95a0b589413206f6442f
-
SSDEEP
12288:nMr8y905KXq38E0oTFiMibgBYCU4tRuvk:fyUKO8Ku0zjfgk
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
75ccbf328f1e4ec3537ebd63e6afcf1b951f8765d8b1c734b87a7073333332af
-
Size
769KB
-
MD5
7b850001f5713cbeaa0078d2b4a1f406
-
SHA1
e68fde0f08bd2353d118de3cefcbf2e6aca2ce7b
-
SHA256
75ccbf328f1e4ec3537ebd63e6afcf1b951f8765d8b1c734b87a7073333332af
-
SHA512
e1f35bd08f29bb6452ef58f318f7e911826b6f57e4418069a07e26d46599837acb2ed238da7179b253fbe57626d3f4886cf819cdf85b76de1bb5e42fa0ae6e9e
-
SSDEEP
12288:9Mroy90eCrZAz38uIrbDgTncDTLc97yZe6r5H+LcPyK:lyUaz38rrvgQfLc1ylwoPh
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
77ba6e93030c34c0c9c7b7ce05174d89515be6f64d93ad8fd6c5a7efd813f4c2
-
Size
479KB
-
MD5
7747534e219072927bd32135135ae16e
-
SHA1
09d12fe65a0042fd7f9a78d161a4c1193bf61c42
-
SHA256
77ba6e93030c34c0c9c7b7ce05174d89515be6f64d93ad8fd6c5a7efd813f4c2
-
SHA512
05976911d28cfb4c68217e152f6896b74a0d541429052454899c062131a04948a9ba48b3ac84823482c8a69695ad08e7e73c20e9df51859d9bebf3bf4b861cc9
-
SSDEEP
12288:RMr+y90ywjI0R2o/+h6H7yB9VCqUr6ObeGTlq:DyvMRZ+0H7m7xUe+LA
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
798aee8abbe13acdcba7ded2507144abfb3a7bdb36dfad1f88ebd752af5e0c5b
-
Size
390KB
-
MD5
77871a3c4e9d08f0bc052ba62e12af12
-
SHA1
3ef6e6678685530de4df5af5fd5b9d60787c3b8d
-
SHA256
798aee8abbe13acdcba7ded2507144abfb3a7bdb36dfad1f88ebd752af5e0c5b
-
SHA512
89eeeb2049d79b7ad1c4858c5f06c126780e2e0e13023ce18835930f6c9d127a1054fafbb1f25045483e741a5adf45ce7f60056b37f8f0ef913719b7f614c60f
-
SSDEEP
12288:AMrXy90QaSqo3yXhVTXgBYCMwDg8vz2zI:HyeSL3uhezjs8rII
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
79eaddd1dc15f0cdf5e503c8eff40a9cabfc9aca470a302c9e868d65a3670c70
-
Size
478KB
-
MD5
7f14be90da456e71fecfd8ac89d2cd2b
-
SHA1
87e9180ae88e72d5f10549bed0ab35814771fac6
-
SHA256
79eaddd1dc15f0cdf5e503c8eff40a9cabfc9aca470a302c9e868d65a3670c70
-
SHA512
e42e3a3ef28fcae134e58e3f308c678bc3ee9fdc3e4b8b1235f6ef0de67abd0a6ea20a8cbf31b6087e6f8e7f83c5742959153e453e675f4494162625044835d4
-
SSDEEP
12288:kMrQy90LlnmDAGXyy1TBdamxmuEW9YWJyclYT:UyilnmDAF4T/+uf9YMtYT
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
80ada740ebfd0573ea8825fc2b499a0d326897ebf254fc015852802a58a05452
-
Size
1.0MB
-
MD5
774a173c2d0a5266b73ba5527e606bbe
-
SHA1
13173b00db1bff7e45c00be7327ae24bbb6e2ca6
-
SHA256
80ada740ebfd0573ea8825fc2b499a0d326897ebf254fc015852802a58a05452
-
SHA512
076a9ad2a5d639f932936bc5d614fe0b2bdbfe162134eecbd706ef3ff979930e3efa7a2561935b445ee3f5e6e837c3e1fea8cd4b280d2f73f412106df05f8639
-
SSDEEP
12288:dMrly90aVXB6zrLW/kRNgMwsBpdTgep1Ez7O92GtV4zCpGr1DUzAWXZnQ2P++3qG:kylXB6XOALgepYO4GcFrQXZnBP+uqSh
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
9e3cf610e66102e164150efe5b2dee630cac04b4e4e29770c91180e956b39df0
-
Size
1.1MB
-
MD5
74528821220b4f1ffd8a0c91852abd0f
-
SHA1
2e9219f3fdb0e6341840bf9c58cfc4fca352338b
-
SHA256
9e3cf610e66102e164150efe5b2dee630cac04b4e4e29770c91180e956b39df0
-
SHA512
27769622b4c8807c63c8ebee8e166f1fd46fa5cb606f0b54df9fa3f6364ea684011e0e5f749546ffc4c530959deb784c99e52aef2e93228889d9e3225a35577e
-
SSDEEP
12288:9AxJ1c9psKtwW7IhuOXUPJuI85i8gTohuVohatk6j0O/H9lm0:9i1c9psKtwW7m3iM5i8VKtvj0GH9l
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Suspicious use of SetThreadContext
-
-
-
Target
a5bd0160df71694767fdadc369e0582970a1182d88c7fea774ca4d3bdb503e49
-
Size
1.6MB
-
MD5
7d32073410b319d087fce19d1e06e567
-
SHA1
db8fc2679ad185f7593223c7c9b1bd24dc9f9c14
-
SHA256
a5bd0160df71694767fdadc369e0582970a1182d88c7fea774ca4d3bdb503e49
-
SHA512
7f488b6974d89acb19da09df9784df631203f4ef1693c72092d0eb0cc3ed663332381ae3f052d479942acbf271466f2a8160009ebe0dceddc450a3b5818c6af3
-
SSDEEP
24576:3y9qneMGcM4DVQJBTkCn/H6tfxjl/zq9exWtOf2K1UkGmTXDqKbv4d3:C4neMZMJBT7n/+JjRq9ex0K2yDei
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
aee53fccee33b73dab9491356e6eb50d71b3b380ca589b649b6ec63ff792c3da
-
Size
479KB
-
MD5
7903417a4425e5f819fdca4ddb5a4ae0
-
SHA1
42be90bb5600574abb0b37113b65b32d6388b7ff
-
SHA256
aee53fccee33b73dab9491356e6eb50d71b3b380ca589b649b6ec63ff792c3da
-
SHA512
11fff0808094ce693e9af5c1f3544f8efad57f5014959329a41d5d76ff92f9be45a3963b9307cfa829694d743f86b1c56f342b38f4f52d5f602339e5bca05fbf
-
SSDEEP
12288:qMrSy90q5EwvocAm820Gfl6pleAG/R/7hhVecnO:syMuocdMy8Hel/R/7hJO
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
af9c5ff480fec8f9f7f8c274ed08c18a4e5a894eec2eb3577031e60657b87b30
-
Size
493KB
-
MD5
751240a12c22d583c8bd9a764351f4d3
-
SHA1
12634abd225dceda347cb5b16bf036d5a247340b
-
SHA256
af9c5ff480fec8f9f7f8c274ed08c18a4e5a894eec2eb3577031e60657b87b30
-
SHA512
7c3eb6e4c3b4cdd14f30d2bce08852e007443494b9fe1314efba77d0b40b0604f6108ace8483cd14f6125cc5fa32b8e10b331744771bf91ff056286fda20f975
-
SSDEEP
12288:tvDTGTc8/jVKygRliE66auiqpvZXhu7aVuVmi9l1IPa0Xp:tvDB8/l0a/SZhHVuYO0T
Score10/10-
Detect ZGRat V1
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-
-
-
Target
bfe644d3bd33f0f28361b0b64f6fba6444cbce7ffc0fb0746a6226305bffb229
-
Size
390KB
-
MD5
797a5feff99655f0d85ce2a57b7db03c
-
SHA1
4e6faef04eb706282a621b44f12ab9f1d46c2922
-
SHA256
bfe644d3bd33f0f28361b0b64f6fba6444cbce7ffc0fb0746a6226305bffb229
-
SHA512
33d1c0e066306f4d67d1db2aef636e142c515c2fdc4c471c7d0abfb8643181196e752715b44cb6fcf8a7188c93244e109c6e7c02b6c412d2b82293103dc19251
-
SSDEEP
6144:Kty+bnr+1p0yN90QETEySSJAvVcQlhRAbR4SZZ1QMmHYYgtVNaAL0C/:fMrxy90xEyFkXARPqkNTYC/
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
ca9f07873920ecd0518ecf148ae1351a8ecb3ce1fe033aa44b45de07f87202a4
-
Size
771KB
-
MD5
7ffad6f51f9598958204eca8679690b0
-
SHA1
aac9ca0423c177d041dcb22832f581d8c39bc184
-
SHA256
ca9f07873920ecd0518ecf148ae1351a8ecb3ce1fe033aa44b45de07f87202a4
-
SHA512
6a0feb1278e1bc5742a4b8909a6818743841e0d16b935d659fe6a60cd9837563ea5ea7ef9973afa1cc64c41681e140d5e7c85300346c875d1b17571aaff41430
-
SSDEEP
12288:uMrLy90EtWzfh9lViybaDJcyMYLk4hC+D+SjbIyWAcDSGb1cqSU0Rzyqj:xyfWFARJcyjJhBNmdcqL0wqj
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
dda511575fe2d4e8cc7e7dfbf500a529cbd2a5acc24299b8217d603401322c2f
-
Size
1.5MB
-
MD5
6ba00ad9a91f15dd444ad429ac2c2247
-
SHA1
23f67b9d77ed808f1a3b22a7a48a70bf931ee11f
-
SHA256
dda511575fe2d4e8cc7e7dfbf500a529cbd2a5acc24299b8217d603401322c2f
-
SHA512
2bc5fa1df9db17837c37d37773447c485676f0deb06600b6d9d5b82e7a6cb605d175a7121a1688ce875337bd76d0cc18b3e90398a050f451acad22844f7a5261
-
SSDEEP
49152:xuMNfHwZ5+uSS08H6gD5CoqkmaBshMG6yVn:Z+5+ulaQ5hcaBTG
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
ff541e0752957750759a393b41c2885b8177a2e7daf8234bf11068c537e215bb
-
Size
479KB
-
MD5
75455a1d7efce484f8b3d7814af0e5ff
-
SHA1
d0fd6f9781558482370265a22b8378c569c5ce97
-
SHA256
ff541e0752957750759a393b41c2885b8177a2e7daf8234bf11068c537e215bb
-
SHA512
d2e7b2008cbdfde8f15eaf6f4fe6767f1b1325079b2ab3ca9e0c4344e4a4bdc94d1f6d34f02a5311dec3472654ed541ad35c3cc32faa4d5c0eea0472e14a8e6d
-
SSDEEP
12288:8Mr8y90kFoPbEy+EEG8HUF8OANI9lhCsnr:oyv6Pw7g80OqhNr
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
12Windows Service
12Boot or Logon Autostart Execution
16Registry Run Keys / Startup Folder
16Scheduled Task/Job
5