General
Target: 3e5ff4dcfa5551092dc8230631ebd9f0045a46eb8118fb382f98fbb4cc628693
Size: 1.1MB
Sample: 241111-gmnrrsthjm
MD5: 0b094db892273b6f84f33a15f2f72fc9
SHA1: 9a87bddb1e37f64e3a6207d65e59538f7420d44d
SHA256: 3e5ff4dcfa5551092dc8230631ebd9f0045a46eb8118fb382f98fbb4cc628693
SHA512: 4e024d048d8c3ab36c4b0f229b2a80bd1e2eaed9e0b9c6219ac98c44565b6cec9ae8f74e1b49a3558adfb85d87ca77c4fc82de43773d9835d6d8777c166c89c3
SSDEEP: 24576:JyekFtwOuLVmR1tKpEKVMRkvsyPOoRHI8j+LpZO14MaHX13at:8eQuZm7tuEK2xy95+LpnMY1
Static task: static1
Behavioral task: behavioral1
Sample: 3e5ff4dcfa5551092dc8230631ebd9f0045a46eb8118fb382f98fbb4cc628693.exe
Resource: win10v2004-20241007-en

Malware Config (extracted)
Family: redline
Botnet: dedu
C2: 185.161.248.75:4132
auth_value: 43fb2cf55df7896aeff6ce27ec070fea
Targets
Target: 3e5ff4dcfa5551092dc8230631ebd9f0045a46eb8118fb382f98fbb4cc628693 (1.1MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)