Overview

overview

10

Static

static

3

367a1f1a3a...90.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    367a1f1a3a240e4674d28e08bf4365b5551e3da5483bbe3462c49019d2fcff90

  • Size

    643KB

  • Sample

    241109-vfy6taybpe

  • MD5

    cd84e0de4f6f4b4b795245c30d067fe2

  • SHA1

    94a509db8bd7f6b78001167b5a533ef1de2badb7

  • SHA256

    367a1f1a3a240e4674d28e08bf4365b5551e3da5483bbe3462c49019d2fcff90

  • SHA512

    db82f4b740f7204132c7b6be1b67b4284a33a417bb099772d3fd97048e5a92e24c67f732734252f32ae3370abf47f6331437806bb1391050646e3ffdf7166c3b

  • SSDEEP

    12288:1MrHy90n1+kvFM5jHKgmrig1LQAR8IcMElROY2aPAw3W1+vfwhVtUxg5dKvch:2ys1+ddKFriqQ28blROza48Iif6PWIKC

Score
10/10
redlinedarmdiscoveryinfostealerpersistence

Malware Config

Extracted

Family

redline

Botnet

darm

C2

217.196.96.56:4138

Attributes
  • auth_value

    d88ac8ccc04ab9979b04b46313db1648

Targets

    • Target

      367a1f1a3a240e4674d28e08bf4365b5551e3da5483bbe3462c49019d2fcff90

    • Size

      643KB

    • MD5

      cd84e0de4f6f4b4b795245c30d067fe2

    • SHA1

      94a509db8bd7f6b78001167b5a533ef1de2badb7

    • SHA256

      367a1f1a3a240e4674d28e08bf4365b5551e3da5483bbe3462c49019d2fcff90

    • SHA512

      db82f4b740f7204132c7b6be1b67b4284a33a417bb099772d3fd97048e5a92e24c67f732734252f32ae3370abf47f6331437806bb1391050646e3ffdf7166c3b

    • SSDEEP

      12288:1MrHy90n1+kvFM5jHKgmrig1LQAR8IcMElROY2aPAw3W1+vfwhVtUxg5dKvch:2ys1+ddKFriqQ28blROza48Iif6PWIKC

    Score
    10/10
    redlinedarmdiscoveryinfostealerpersistence

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Redline family

      redline

    • Executes dropped EXE

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks