redline | c7c4c70180910686c9799b40504537197e79e3e28b0bdadb250c7f2a4732fc85 | Triage

Submit
Reports

Overview

overview

Static

static

3

c7c4c70180...85.exe

windows10-2004-x64

Sharing

General

Target

c7c4c70180910686c9799b40504537197e79e3e28b0bdadb250c7f2a4732fc85
Size

437KB
Sample

241111-cmj2cs1ane
MD5

1b88103925130e6a46a54be5fd28dbc0
SHA1

d0373944ab2663ab42e99003415dbab34b275dd9
SHA256

c7c4c70180910686c9799b40504537197e79e3e28b0bdadb250c7f2a4732fc85
SHA512

407bce4d2fdc851a3ca50b30de42ddf288004c01fea7fe3c30085bf1f986c47c4f9f0bc9b537d9c6806513f3aba0acc45d27b9fe5d3a1af9b707fbee88b280d2
SSDEEP

6144:K9y+bnr+Op0yN90QEoJhy8+VfE6BpNW7J4Ul6LZBfFwtxu0aUApibmurrZLXYOuU:nMrWy90VxDpY7mEABfobaUyCZ7YOIER

Score

10^/10

redline ronur discovery infostealer persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c7c4c70180910686c9799b40504537197e79e3e28b0bdadb250c7f2a4732fc85.exe

Resource

win10v2004-20241007-en

redline ronur discovery infostealer persistence

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

ronur

C2

193.233.20.20:4134

Attributes

auth_value
f88f86755a528d4b25f6f3628c460965

Targets

- Target
  
  c7c4c70180910686c9799b40504537197e79e3e28b0bdadb250c7f2a4732fc85
- Size
  
  437KB
- MD5
  
  1b88103925130e6a46a54be5fd28dbc0
- SHA1
  
  d0373944ab2663ab42e99003415dbab34b275dd9
- SHA256
  
  c7c4c70180910686c9799b40504537197e79e3e28b0bdadb250c7f2a4732fc85
- SHA512
  
  407bce4d2fdc851a3ca50b30de42ddf288004c01fea7fe3c30085bf1f986c47c4f9f0bc9b537d9c6806513f3aba0acc45d27b9fe5d3a1af9b707fbee88b280d2
- SSDEEP
  
  6144:K9y+bnr+Op0yN90QEoJhy8+VfE6BpNW7J4Ul6LZBfFwtxu0aUApibmurrZLXYOuU:nMrWy90VxDpY7mEABfobaUyCZ7YOIER
Score

10^/10

redline ronur discovery infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineronurdiscoveryinfostealerpersistence

© 2018-2025

Terms | Privacy