redline | d5b24d09b54abf36367e733abb4f26d9bd8b0770497e5376b1046b6b96df7e13 | Triage

Submit
Reports

Overview

overview

Static

static

3

d5b24d09b5...13.exe

windows10-2004-x64

Sharing

General

Target

d5b24d09b54abf36367e733abb4f26d9bd8b0770497e5376b1046b6b96df7e13
Size

439KB
Sample

241110-zzphyavlaw
MD5

d8b413ee35cbbd2f230007e01ab534c8
SHA1

309509baa753f524e35131e1b53b3dced9e1653f
SHA256

d5b24d09b54abf36367e733abb4f26d9bd8b0770497e5376b1046b6b96df7e13
SHA512

914eb46c09ac2f8c66797f27b3e465e96bbc210a5fe9b4d918643fe5cdbc75326cb224943c6851fc62a606db4a62ac4fda2dfb03b3da1ee2e6d01191102ce1b6
SSDEEP

6144:Kdy+bnr+Zp0yN90QEPVRHb2pKwF0fJmHHXWtYw22gzypGwYjLsLQMXRgbX:TMr1y90Bb70FWmHHm2nBzypG3m2

Score

10^/10

redline ronur discovery infostealer persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d5b24d09b54abf36367e733abb4f26d9bd8b0770497e5376b1046b6b96df7e13.exe

Resource

win10v2004-20241007-en

redline ronur discovery infostealer persistence

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

ronur

C2

193.233.20.20:4134

Attributes

auth_value
f88f86755a528d4b25f6f3628c460965

Targets

- Target
  
  d5b24d09b54abf36367e733abb4f26d9bd8b0770497e5376b1046b6b96df7e13
- Size
  
  439KB
- MD5
  
  d8b413ee35cbbd2f230007e01ab534c8
- SHA1
  
  309509baa753f524e35131e1b53b3dced9e1653f
- SHA256
  
  d5b24d09b54abf36367e733abb4f26d9bd8b0770497e5376b1046b6b96df7e13
- SHA512
  
  914eb46c09ac2f8c66797f27b3e465e96bbc210a5fe9b4d918643fe5cdbc75326cb224943c6851fc62a606db4a62ac4fda2dfb03b3da1ee2e6d01191102ce1b6
- SSDEEP
  
  6144:Kdy+bnr+Zp0yN90QEPVRHb2pKwF0fJmHHXWtYw22gzypGwYjLsLQMXRgbX:TMr1y90Bb70FWmHHm2nBzypG3m2
Score

10^/10

redline ronur discovery infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineronurdiscoveryinfostealerpersistence

© 2018-2025

Terms | Privacy