redline | 2175c8e0a8bfd871643694dc0566fb3828c9dcdd610a10e9a3d027341b5f055a | Triage

Submit
Reports

Overview

overview

Static

static

3

2175c8e0a8...5a.exe

windows10-2004-x64

Sharing

General

Target

2175c8e0a8bfd871643694dc0566fb3828c9dcdd610a10e9a3d027341b5f055a
Size

434KB
Sample

241111-gx786avdna
MD5

d8526325dc246427aa7ac9c31fbff861
SHA1

00acf42ba37adbfe5b53cc527aacc284fa7b75bf
SHA256

2175c8e0a8bfd871643694dc0566fb3828c9dcdd610a10e9a3d027341b5f055a
SHA512

2a93d9059a975a2da6bf458ee04db65709a92ce865c0b0ea6e0da06fc2d369937a8ce107f3b26443cb09a38184d3680f8b97d0e3d10eefcf4681ad9e0870347f
SSDEEP

6144:KZy+bnr+jp0yN90QEBkpPP5sL+lpt/jJeYArEL+Gc8c7P2fgcXVWlg0wa:fMr/y90Ul59lXYjpn8cr2fbkN

Score

10^/10

redline rodik discovery infostealer persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2175c8e0a8bfd871643694dc0566fb3828c9dcdd610a10e9a3d027341b5f055a.exe

Resource

win10v2004-20241007-en

redline rodik discovery infostealer persistence

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

rodik

C2

193.233.20.23:4124

Attributes

auth_value
59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

- Target
  
  2175c8e0a8bfd871643694dc0566fb3828c9dcdd610a10e9a3d027341b5f055a
- Size
  
  434KB
- MD5
  
  d8526325dc246427aa7ac9c31fbff861
- SHA1
  
  00acf42ba37adbfe5b53cc527aacc284fa7b75bf
- SHA256
  
  2175c8e0a8bfd871643694dc0566fb3828c9dcdd610a10e9a3d027341b5f055a
- SHA512
  
  2a93d9059a975a2da6bf458ee04db65709a92ce865c0b0ea6e0da06fc2d369937a8ce107f3b26443cb09a38184d3680f8b97d0e3d10eefcf4681ad9e0870347f
- SSDEEP
  
  6144:KZy+bnr+jp0yN90QEBkpPP5sL+lpt/jJeYArEL+Gc8c7P2fgcXVWlg0wa:fMr/y90Ul59lXYjpn8cr2fbkN
Score

10^/10

redline rodik discovery infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinerodikdiscoveryinfostealerpersistence

© 2018-2024

Terms | Privacy