Overview

overview

10

Static

static

3

8ee352dd0b...57.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8ee352dd0beeb8923fb64cb90b6861397a15f498dc48dff63cae41bca5cfab57

  • Size

    480KB

  • Sample

    241108-vlcj1aykek

  • MD5

    9056823565cfac2d8df1d7b5cde4f74b

  • SHA1

    c2eb0d679a6704b9119ddb133323276c60a53ee0

  • SHA256

    8ee352dd0beeb8923fb64cb90b6861397a15f498dc48dff63cae41bca5cfab57

  • SHA512

    78bd013bf234f712544fe708b01a1099b9c75aba7a0a0069db3d7db25758ccec901ca7cfa9b1d4b27b4e207de4ebf4bab47f5bc7acd13547c46dafe18bfff9f8

  • SSDEEP

    12288:hMrdy9080sqmLEVNbnZWHG9/XhhdVJfrw4RHH84w:cytqmoVNljvP9E4RHH8R

Score
10/10
redlinefukiadiscoveryinfostealerpersistence

Malware Config

Extracted

Family

redline

Botnet

fukia

C2

193.233.20.13:4136

Attributes
  • auth_value

    e5783636fbd9e4f0cf9a017bce02e67e

Targets

    • Target

      8ee352dd0beeb8923fb64cb90b6861397a15f498dc48dff63cae41bca5cfab57

    • Size

      480KB

    • MD5

      9056823565cfac2d8df1d7b5cde4f74b

    • SHA1

      c2eb0d679a6704b9119ddb133323276c60a53ee0

    • SHA256

      8ee352dd0beeb8923fb64cb90b6861397a15f498dc48dff63cae41bca5cfab57

    • SHA512

      78bd013bf234f712544fe708b01a1099b9c75aba7a0a0069db3d7db25758ccec901ca7cfa9b1d4b27b4e207de4ebf4bab47f5bc7acd13547c46dafe18bfff9f8

    • SSDEEP

      12288:hMrdy9080sqmLEVNbnZWHG9/XhhdVJfrw4RHH84w:cytqmoVNljvP9E4RHH8R

    Score
    10/10
    redlinefukiadiscoveryinfostealerpersistence

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Redline family

      redline

    • Executes dropped EXE

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks