Overview

overview

10

Static

static

3

9c1ec009cd...ab.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9c1ec009cdeabd13c8969eb3380a60c30bfdcb6ff2adbc4658be029dcd8a14ab

  • Size

    566KB

  • Sample

    241110-shgcnsymav

  • MD5

    5373270bca4bfb2f9c849d4f6669fd01

  • SHA1

    206a43023c0b6dad06a68cd51494f000202fd1e2

  • SHA256

    9c1ec009cdeabd13c8969eb3380a60c30bfdcb6ff2adbc4658be029dcd8a14ab

  • SHA512

    58c7aa88adf6b2d9dd98eb3d427fdfe015f62516c1486b2c17f1779b8c52ce763925d5e55032ebedd48483c703b94204692be1063237db5c0a23e8fdd5d3de82

  • SSDEEP

    12288:VMrty90uQXWPUs8Xi7K4EokSpJAgRw70A9EhIaY1e/Z3:QyH2q+4EokSIgRw70AKhV3

Score
10/10
redlinedarmdiscoveryinfostealerpersistence

Malware Config

Extracted

Family

redline

Botnet

darm

C2

217.196.96.56:4138

Attributes
  • auth_value

    d88ac8ccc04ab9979b04b46313db1648

Targets

    • Target

      9c1ec009cdeabd13c8969eb3380a60c30bfdcb6ff2adbc4658be029dcd8a14ab

    • Size

      566KB

    • MD5

      5373270bca4bfb2f9c849d4f6669fd01

    • SHA1

      206a43023c0b6dad06a68cd51494f000202fd1e2

    • SHA256

      9c1ec009cdeabd13c8969eb3380a60c30bfdcb6ff2adbc4658be029dcd8a14ab

    • SHA512

      58c7aa88adf6b2d9dd98eb3d427fdfe015f62516c1486b2c17f1779b8c52ce763925d5e55032ebedd48483c703b94204692be1063237db5c0a23e8fdd5d3de82

    • SSDEEP

      12288:VMrty90uQXWPUs8Xi7K4EokSpJAgRw70A9EhIaY1e/Z3:QyH2q+4EokSIgRw70AKhV3

    Score
    10/10
    redlinedarmdiscoveryinfostealerpersistence

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Redline family

      redline

    • Executes dropped EXE

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks