redline | 3d9a18e09c1146887f4c1214aa722a5571a9ffc741a40f4cc5e22a97e5bbedd4 | Triage

Submit
Reports

Overview

overview

Static

static

3

3d9a18e09c...d4.exe

windows10-2004-x64

Sharing

General

Target

3d9a18e09c1146887f4c1214aa722a5571a9ffc741a40f4cc5e22a97e5bbedd4
Size

589KB
Sample

241110-1kv8lsvpdy
MD5

f55a2ac9b8b8b367edf480a6d28b28f1
SHA1

4a1106b3aa08b58cd6c1385afbe5e9672102c059
SHA256

3d9a18e09c1146887f4c1214aa722a5571a9ffc741a40f4cc5e22a97e5bbedd4
SHA512

934a78f241586e65d69fb5f177fa26af7e13191dfc731773e0b6f3c11d63329e8319cc23ffe2102160c52078031ac701c3d8adba0b265598f64246ca18753822
SSDEEP

12288:BMr1y90OlIo7NOFrOgOug766KhjbAHUdjgOU82uG:MyF57NOFJO5KpZd8F82uG

Score

10^/10

redline crypt1 romka discovery infostealer persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

3d9a18e09c1146887f4c1214aa722a5571a9ffc741a40f4cc5e22a97e5bbedd4.exe

Resource

win10v2004-20241007-en

redline crypt1 romka discovery infostealer persistence

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

crypt1

C2

176.113.115.17:4132

Attributes

auth_value
2e2ca7bbceaa9f98252a6f9fc0e6fa86

Extracted

Family

redline

Botnet

romka

C2

193.233.20.11:4131

Attributes

auth_value
fcbb3247051f5290e8ac5b1a841af67b

Targets

- Target
  
  3d9a18e09c1146887f4c1214aa722a5571a9ffc741a40f4cc5e22a97e5bbedd4
- Size
  
  589KB
- MD5
  
  f55a2ac9b8b8b367edf480a6d28b28f1
- SHA1
  
  4a1106b3aa08b58cd6c1385afbe5e9672102c059
- SHA256
  
  3d9a18e09c1146887f4c1214aa722a5571a9ffc741a40f4cc5e22a97e5bbedd4
- SHA512
  
  934a78f241586e65d69fb5f177fa26af7e13191dfc731773e0b6f3c11d63329e8319cc23ffe2102160c52078031ac701c3d8adba0b265598f64246ca18753822
- SSDEEP
  
  12288:BMr1y90OlIo7NOFrOgOug766KhjbAHUdjgOU82uG:MyF57NOFJO5KpZd8F82uG
Score

10^/10

redline crypt1 romka discovery infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinecrypt1romkadiscoveryinfostealerpersistence

© 2018-2025

Terms | Privacy