General
Target: 8f27b0a3553a7aae1fe76bd06581c5013053e3ea9207de3d0fbd058d15f1f01f
Size: 771KB
Sample: 241104-rlx9xszpht
MD5: c704b7bd29de0c4c33d849304adb0ae0
SHA1: da6a7b80a3b5e7b4ca349f4d12695959df31e391
SHA256: 8f27b0a3553a7aae1fe76bd06581c5013053e3ea9207de3d0fbd058d15f1f01f
SHA512: 1d462851dc4ec6081798edd478938bec9158e6cc90eb6e3c78a82960a5fa19b64c2b15cc003b9c138165efd6108a15e6da8012cd97c909a39558f08398e3c082
SSDEEP: 12288:gMrpy90asNXTDiw51/etQNxPzi8NEFA//6xJtQauQKJRIdpjECTTIs4Q2STzcpN7:5ySutQN48F/yvtbKcpj6C2STzc/LX
Static task: static1
Behavioral task: behavioral1
Sample: 8f27b0a3553a7aae1fe76bd06581c5013053e3ea9207de3d0fbd058d15f1f01f.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: dubur
C2: 217.196.96.102:4132
auth_value: 32d04179aa1e8d655d2d80c21f99de41
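The practical use of an extracted config is matching: confirming that a file on hand is the reported sample, and sweeping network logs for the C2 endpoint. The script below is an added example, not part of this report or of the sandbox that produced it. The hashes and the C2 host:port are copied from the report; the log lines are constructed for the demonstration and the function names are the example's own. It distinguishes a host-plus-port hit from a host-only hit, because the same host can serve other ports and a host-only match deserves follow-up rather than an automatic verdict.

```python
"""IOC matching for the RedLine sample described in this report (added example)."""
import hashlib
import re

# Indicators copied from the report above.
TARGET_SHA256 = "8f27b0a3553a7aae1fe76bd06581c5013053e3ea9207de3d0fbd058d15f1f01f"
REPORT_HASHES = {
    "md5": "c704b7bd29de0c4c33d849304adb0ae0",
    "sha1": "da6a7b80a3b5e7b4ca349f4d12695959df31e391",
    "sha256": TARGET_SHA256,
    "sha512": "1d462851dc4ec6081798edd478938bec9158e6cc90eb6e3c78a82960a5fa19b64c2b15cc003b9c138165efd6108a15e6da8012cd97c909a39558f08398e3c082",
}
C2_HOST = "217.196.96.102"
C2_PORT = 4132

# Whole-token match on the IP so that 217.196.96.1025 or 1217.196.96.102 does not hit.
_HOST_RE = re.compile(rf"(?<![\d.]){re.escape(C2_HOST)}(?![\d.])")
# IP immediately followed by the port, either as "ip:port" or as adjacent log columns.
_HOST_PORT_RE = re.compile(rf"(?<![\d.]){re.escape(C2_HOST)}[:\s]+{C2_PORT}(?!\d)")


def file_hashes(data):
    """Digest the bytes with the same four algorithms the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matching_algorithms(hashes):
    """Names of the algorithms whose digest equals the report's value.

    A file is the reported sample only if every digest matches; a partial
    match means a transcription error or a different file, not a variant.
    """
    return sorted(name for name, digest in hashes.items()
                  if REPORT_HASHES.get(name) == digest.lower())


def is_reported_sample(data):
    """True only when all four digests agree with the report."""
    return matching_algorithms(file_hashes(data)) == sorted(REPORT_HASHES)


def c2_hits(lines):
    """Scan log lines for the extracted C2.

    Returns (strength, line) pairs: "ip+port" when port 4132 is seen next to
    the host, "ip-only" when only the host appears (weaker; needs follow-up).
    """
    hits = []
    for line in lines:
        if not _HOST_RE.search(line):
            continue
        strength = "ip+port" if _HOST_PORT_RE.search(line) else "ip-only"
        hits.append((strength, line))
    return hits


# Constructed log lines (not from the report): a Zeek conn.log row to the C2,
# a proxy CONNECT to the C2 host on another port, an unrelated flow, and a
# near-miss host that must not match.
SAMPLE_LOGS = [
    "1730711234.512\tCk3xQ1\t10.0.0.5\t49812\t217.196.96.102\t4132\ttcp",
    '10.0.0.7 - - [04/Nov/2024:09:12:55 +0000] "CONNECT 217.196.96.102:443 HTTP/1.1" 200',
    "1730711240.001\tCr9pL2\t10.0.0.9\t51004\t93.184.216.34\t443\ttcp",
    "1730711241.777\tCt4mN7\t10.0.0.9\t51010\t217.196.96.10\t4132\ttcp",
]

if __name__ == "__main__":
    print("report digests self-check:", matching_algorithms(REPORT_HASHES))
    print("is reported sample:", is_reported_sample(b"not the sample"))
    for strength, line in c2_hits(SAMPLE_LOGS):
        print(strength, line)
```

To check a real file, read it in binary mode and pass the bytes to is_reported_sample; to sweep real logs, pass an iterable of lines to c2_hits and triage the "ip-only" results separately from the "ip+port" ones.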
Targets
Target: 8f27b0a3553a7aae1fe76bd06581c5013053e3ea9207de3d0fbd058d15f1f01f
Size: 771KB
MD5: c704b7bd29de0c4c33d849304adb0ae0
SHA1: da6a7b80a3b5e7b4ca349f4d12695959df31e391
SHA256: 8f27b0a3553a7aae1fe76bd06581c5013053e3ea9207de3d0fbd058d15f1f01f
SHA512: 1d462851dc4ec6081798edd478938bec9158e6cc90eb6e3c78a82960a5fa19b64c2b15cc003b9c138165efd6108a15e6da8012cd97c909a39558f08398e3c082
SSDEEP: 12288:gMrpy90asNXTDiw51/etQNxPzi8NEFA//6xJtQauQKJRIdpjECTTIs4Q2STzcpN7:5ySutQN48F/yvtbKcpj6C2STzc/LX
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (T1547), 1 hit: Registry Run Keys / Startup Folder (T1547.001), 1 hit
- Create or Modify System Process (T1543), 1 hit: Windows Service (T1543.003), 1 hit