Overview

overview

10

Static

static

3

2f153cc643...a0.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2f153cc643857a2d61e92caab217a73b063884e1ad84201d9ed35835c081d8a0

  • Size

    479KB

  • Sample

    241111-ckxvfazjdz

  • MD5

    b8cd775ed179b02f8e4fc4cb5a0a03aa

  • SHA1

    9e66de8732b82e6367ae058e2aa45306725aa00f

  • SHA256

    2f153cc643857a2d61e92caab217a73b063884e1ad84201d9ed35835c081d8a0

  • SHA512

    47ab6c558e03c5316dd1e59f75bb0a24647b51f9070164ddd6a6eae9f0f4d9fb0ba67fa64759f8a8445f0528ca63f557fc584de53a12d698a1311fccf30a2c6c

  • SSDEEP

    12288:jMrSy90IFciQmCCPhNnSfUUn4wD1hImfDJI:lyJ+mtPefUUp1uoDy

Score
10/10
redlinediwerdiscoveryinfostealerpersistence

Malware Config

Extracted

Family

redline

Botnet

diwer

C2

217.196.96.101:4132

Attributes
  • auth_value

    42abfa9e4f2e290c8bdbc776fd9bb6ad

Targets

    • Target

      2f153cc643857a2d61e92caab217a73b063884e1ad84201d9ed35835c081d8a0

    • Size

      479KB

    • MD5

      b8cd775ed179b02f8e4fc4cb5a0a03aa

    • SHA1

      9e66de8732b82e6367ae058e2aa45306725aa00f

    • SHA256

      2f153cc643857a2d61e92caab217a73b063884e1ad84201d9ed35835c081d8a0

    • SHA512

      47ab6c558e03c5316dd1e59f75bb0a24647b51f9070164ddd6a6eae9f0f4d9fb0ba67fa64759f8a8445f0528ca63f557fc584de53a12d698a1311fccf30a2c6c

    • SSDEEP

      12288:jMrSy90IFciQmCCPhNnSfUUn4wD1hImfDJI:lyJ+mtPefUUp1uoDy

    Score
    10/10
    redlinediwerdiscoveryinfostealerpersistence

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Redline family

      redline

    • Executes dropped EXE

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks