Overview

overview

10

Static

static

3

f1fa728270...c0.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f1fa728270e9987a99db1d520ae61c3e05703445c5867c8ecc52b768608653c0

  • Size

    660KB

  • Sample

    241111-fj3abasncw

  • MD5

    0c7236df17f350afcf62339053ac91d3

  • SHA1

    979141cadb1ae6444812b1ae4df6a6b8668f7945

  • SHA256

    f1fa728270e9987a99db1d520ae61c3e05703445c5867c8ecc52b768608653c0

  • SHA512

    fce02d0f7bdaea6cad39b9bac5bf19fffdffd98815d04a3912d3aeea369e5ebe522be5a93eeba0946528c11d1d4a381c542e38317ba6b7fd635b6567729b1ec1

  • SSDEEP

    12288:TMrZy90WMmPQGktxw3OyxrCZtVoG5uD6wJw7u6tF/MB:SyyAQzxw3OgCZtVoGgDdw7u68

Score
10/10
redlineromikdiscoveryinfostealerpersistence

Malware Config

Extracted

Family

redline

Botnet

romik

C2

193.233.20.12:4132

Attributes
  • auth_value

    8fb78d2889ba0ca42678b59b884e88ff

Targets

    • Target

      f1fa728270e9987a99db1d520ae61c3e05703445c5867c8ecc52b768608653c0

    • Size

      660KB

    • MD5

      0c7236df17f350afcf62339053ac91d3

    • SHA1

      979141cadb1ae6444812b1ae4df6a6b8668f7945

    • SHA256

      f1fa728270e9987a99db1d520ae61c3e05703445c5867c8ecc52b768608653c0

    • SHA512

      fce02d0f7bdaea6cad39b9bac5bf19fffdffd98815d04a3912d3aeea369e5ebe522be5a93eeba0946528c11d1d4a381c542e38317ba6b7fd635b6567729b1ec1

    • SSDEEP

      12288:TMrZy90WMmPQGktxw3OyxrCZtVoG5uD6wJw7u6tF/MB:SyyAQzxw3OgCZtVoGgDdw7u68

    Score
    10/10
    redlineromikdiscoveryinfostealerpersistence

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Redline family

      redline

    • Executes dropped EXE

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks