General
-
Target
b52d92b0152c8612d32c2cef9ae32f776d3432869bed44c3ef0858fbb1a489f5
-
Size
883KB
-
Sample
241104-rbq3vs1apg
-
MD5
6315ff5997f40db6e7c02f0e2591c41d
-
SHA1
82829b5f4b99eb0ef813b80b38b51c57ec58ccc9
-
SHA256
b52d92b0152c8612d32c2cef9ae32f776d3432869bed44c3ef0858fbb1a489f5
-
SHA512
41c1c5a72f02d5c188d7f66e8f21526805b8f62939b4ba1068814359e3458cdb54e36995a601b5731517f695b063bd90f0cf224afdc672ef27f2c22c448a3250
-
SSDEEP
12288:nMrPy90TXfzH/hODiZHPJaNkpwao6OUmpXwNjaFd8kYM/N+CQ:MySrhO2HhaswV2aXF8d
Static task
static1
Behavioral task
behavioral1
Sample
b52d92b0152c8612d32c2cef9ae32f776d3432869bed44c3ef0858fbb1a489f5.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
mixa
185.161.248.75:4132
-
auth_value
9d14534b25ac495ab25b59800acf3bb2
Targets
-
-
Target
b52d92b0152c8612d32c2cef9ae32f776d3432869bed44c3ef0858fbb1a489f5
-
Size
883KB
-
MD5
6315ff5997f40db6e7c02f0e2591c41d
-
SHA1
82829b5f4b99eb0ef813b80b38b51c57ec58ccc9
-
SHA256
b52d92b0152c8612d32c2cef9ae32f776d3432869bed44c3ef0858fbb1a489f5
-
SHA512
41c1c5a72f02d5c188d7f66e8f21526805b8f62939b4ba1068814359e3458cdb54e36995a601b5731517f695b063bd90f0cf224afdc672ef27f2c22c448a3250
-
SSDEEP
12288:nMrPy90TXfzH/hODiZHPJaNkpwao6OUmpXwNjaFd8kYM/N+CQ:MySrhO2HhaswV2aXF8d
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1