Overview

overview

10

Static

static

3

ff7ea0bc8f...d5.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ff7ea0bc8fa371abc258eb5ee5b240022337e77013f7c4c8534847c4cf88bdd5

  • Size

    480KB

  • Sample

    241111-bmewzazbrc

  • MD5

    47004236a06c43c30bcb12a2589646cc

  • SHA1

    251e473433f3fbe28c83e4e02cd86af947cf6ea2

  • SHA256

    ff7ea0bc8fa371abc258eb5ee5b240022337e77013f7c4c8534847c4cf88bdd5

  • SHA512

    52be21157e0297877d082783780d934d79939a4322595ad31234af4e70ef48980144c51f44dda74197cd78012bb93ed72c39bab22c9c162d39618f67efd9da95

  • SSDEEP

    12288:1MrSy90I9o5wA/H2KwsuwHwYAFN3Aghm2HW:nyl+WKwsSlrA+pW

Score
10/10
redlinedarisdiscoveryinfostealerpersistence

Malware Config

Extracted

Family

redline

Botnet

daris

C2

217.196.96.56:4138

Attributes
  • auth_value

    3491f24ae0250969cd45ce4b3fe77549

Targets

    • Target

      ff7ea0bc8fa371abc258eb5ee5b240022337e77013f7c4c8534847c4cf88bdd5

    • Size

      480KB

    • MD5

      47004236a06c43c30bcb12a2589646cc

    • SHA1

      251e473433f3fbe28c83e4e02cd86af947cf6ea2

    • SHA256

      ff7ea0bc8fa371abc258eb5ee5b240022337e77013f7c4c8534847c4cf88bdd5

    • SHA512

      52be21157e0297877d082783780d934d79939a4322595ad31234af4e70ef48980144c51f44dda74197cd78012bb93ed72c39bab22c9c162d39618f67efd9da95

    • SSDEEP

      12288:1MrSy90I9o5wA/H2KwsuwHwYAFN3Aghm2HW:nyl+WKwsSlrA+pW

    Score
    10/10
    redlinedarisdiscoveryinfostealerpersistence

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Redline family

      redline

    • Executes dropped EXE

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.