General
- Target: 0a2750cf7c9bd0c4ac35a211ef3d67336192fd776b9b4718d65f7789275177ef
- Size: 1.1MB
- Sample: 241109-x4xzrstkck
- MD5: dccb3cbd0acd5d0cb6ef767b72909390
- SHA1: c12bc9eef6728011a45f109c82a33fd3a834c440
- SHA256: 0a2750cf7c9bd0c4ac35a211ef3d67336192fd776b9b4718d65f7789275177ef
- SHA512: d35f2aaab54e67ddbb1bb03852761bf7ff19a44a4cd76defe2cffa186a1bfc641f2ee8a4ec324f8cd685b4f2295720c048023b6806780df21a7f3e1a9bf4ca6f
- SSDEEP: 24576:SyLD3H/o9l/F/9f7otwzeHc3vAqilWbpR9ukV:5LrQTFzDAHcbpru
Static task: static1
Behavioral task: behavioral1
Sample: 0a2750cf7c9bd0c4ac35a211ef3d67336192fd776b9b4718d65f7789275177ef.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
- redline
- miran
- 185.161.248.75:4132
- auth_value: f1084732cb99b2cbe314a2a565371e6c
Targets
- Target: 0a2750cf7c9bd0c4ac35a211ef3d67336192fd776b9b4718d65f7789275177ef
- Size: 1.1MB
- MD5: dccb3cbd0acd5d0cb6ef767b72909390
- SHA1: c12bc9eef6728011a45f109c82a33fd3a834c440
- SHA256: 0a2750cf7c9bd0c4ac35a211ef3d67336192fd776b9b4718d65f7789275177ef
- SHA512: d35f2aaab54e67ddbb1bb03852761bf7ff19a44a4cd76defe2cffa186a1bfc641f2ee8a4ec324f8cd685b4f2295720c048023b6806780df21a7f3e1a9bf4ca6f
- SSDEEP: 24576:SyLD3H/o9l/F/9f7otwzeHc3vAqilWbpR9ukV:5LrQTFzDAHcbpru
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
- Windows Service (1)