General
Target: fc03d8199f80be9a0bf47d1577292a3e6ac6b741a044e9fee3ebfbe9edf0624f
Size: 769KB
Sample: 241109-x6ewzazldw
MD5: f9ca2cae8d0dfe2d4bd3ed0929b9570e
SHA1: 4ebcbbb81ef49dbcc7d1fa434cee62a01240d194
SHA256: fc03d8199f80be9a0bf47d1577292a3e6ac6b741a044e9fee3ebfbe9edf0624f
SHA512: fe6d06cbf0e61f0750e77d6cfeb54c0ca7893e6caf3a27be6727ee1a2152fd8c36f7f4f7b10ffd85b392ed51ae5ba01d1881191f0ecbbcb46ab0406c362315d1
SSDEEP: 24576:bypVDbup/v+nuV9ijTPaHo/hlpZnYBvqNsT:OLc/Q2mr55P+
Static task: static1
Behavioral task: behavioral1
Sample: fc03d8199f80be9a0bf47d1577292a3e6ac6b741a044e9fee3ebfbe9edf0624f.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: debro
C2: 185.161.248.75:4132
auth_value: 18c2c191aebfde5d1787ec8d805a01a8
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution: 1
- Registry Run Keys / Startup Folder: 1
- Create or Modify System Process: 1
- Windows Service: 1