Overview

overview

10

Static

static

3

70af2f5500...ea.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    70af2f55006a0ebc31cd2e605ebe0133bee27721600b259ebc73683b7fb5c1ea

  • Size

    642KB

  • Sample

    241110-cp7kfaxemc

  • MD5

    8e170bde7becd01f452fd96b04bf89da

  • SHA1

    ada784cde4db381c4831bfdc05ea49223f4f72ed

  • SHA256

    70af2f55006a0ebc31cd2e605ebe0133bee27721600b259ebc73683b7fb5c1ea

  • SHA512

    7d180b99b8e342bdc1f594a95715afe362471f4d58165e987ee59dabda57af109fb60d3a8fc6b596385cd85ad6db16139d984b03cb2b84c1ab91bf90a8eb30cf

  • SSDEEP

    12288:JMryy90wvJwpDsL6umBBfB3jhUt8kQZ+0Y4waixk1G2zIL:XyEgL1OfpjhzkvBbx64

Score
10/10
redlinedarmdiscoveryinfostealerpersistence

Malware Config

Extracted

Family

redline

Botnet

darm

C2

217.196.96.56:4138

Attributes
  • auth_value

    d88ac8ccc04ab9979b04b46313db1648

Targets

    • Target

      70af2f55006a0ebc31cd2e605ebe0133bee27721600b259ebc73683b7fb5c1ea

    • Size

      642KB

    • MD5

      8e170bde7becd01f452fd96b04bf89da

    • SHA1

      ada784cde4db381c4831bfdc05ea49223f4f72ed

    • SHA256

      70af2f55006a0ebc31cd2e605ebe0133bee27721600b259ebc73683b7fb5c1ea

    • SHA512

      7d180b99b8e342bdc1f594a95715afe362471f4d58165e987ee59dabda57af109fb60d3a8fc6b596385cd85ad6db16139d984b03cb2b84c1ab91bf90a8eb30cf

    • SSDEEP

      12288:JMryy90wvJwpDsL6umBBfB3jhUt8kQZ+0Y4waixk1G2zIL:XyEgL1OfpjhzkvBbx64

    Score
    10/10
    redlinedarmdiscoveryinfostealerpersistence

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Redline family

      redline

    • Executes dropped EXE

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks