General

Target: c32e57bd56c55a28bf6b798c2caf801b325911c39bb5eb098fec10e4ffa90343
Size: 770KB
Sample: 241109-x6rkrs1anq
MD5: e3c8e73c8ab8278ff6043f7cddbef8ed
SHA1: 6cad518fdf40ff56de14e20292013b1a3743ec61
SHA256: c32e57bd56c55a28bf6b798c2caf801b325911c39bb5eb098fec10e4ffa90343
SHA512: 3a6aeb645b8def68c2efa031ee749caef19e0c29a873a98b416f53c8e3bfb9c4730ab622ee7edc598423d563c3e1e3ad5af6f720d6ed1fa9fc06ebfc1fe599fa
SSDEEP: 12288:lMrvy903W2/KJjh426cGw+9E1CgC6GKwO2daSm6/RtBKNAB4ruAPC1xIV0e:+yok14pcGxy92daSR//BKNACOWWe
Static task: static1
Behavioral task: behavioral1
Sample: c32e57bd56c55a28bf6b798c2caf801b325911c39bb5eb098fec10e4ffa90343.exe
Resource: win10v2004-20241007-en
Malware Config

Extracted: redline
debro
185.161.248.75:4132
auth_value: 18c2c191aebfde5d1787ec8d805a01a8
Targets
RedLine

RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)