Overview

overview

10

Static

static

3

d7b38740a2...53.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d7b38740a2c0a9cb1cf93055042a52b2ec4a89b6882d4b7aabd9582756ae7353

  • Size

    554KB

  • Sample

    241111-knbelswkby

  • MD5

    87ab9e5e4854f4a879937e5745eebf8c

  • SHA1

    eb2966f5e143a8dbf80d0ffccdfd62f6cb67ca4b

  • SHA256

    d7b38740a2c0a9cb1cf93055042a52b2ec4a89b6882d4b7aabd9582756ae7353

  • SHA512

    16d91e3b18d204c692b47c4e0a251a0772f2debb325ec13ec2a584ca8bc7bfeaa89f1195e796e5acd123742d52bdc99a9ea101efae4ab05116a46d9b17b0ee76

  • SSDEEP

    12288:ZMrzy90RQKInhnMotU40NxdJkGoZnwUa8uYORlWbTrGU:+y0QKyhM410Nxd7oZwUa0OfWb/GU

Score
10/10
redlinedarmdiscoveryinfostealerpersistence

Malware Config

Extracted

Family

redline

Botnet

darm

C2

217.196.96.56:4138

Attributes
  • auth_value

    d88ac8ccc04ab9979b04b46313db1648

Targets

    • Target

      d7b38740a2c0a9cb1cf93055042a52b2ec4a89b6882d4b7aabd9582756ae7353

    • Size

      554KB

    • MD5

      87ab9e5e4854f4a879937e5745eebf8c

    • SHA1

      eb2966f5e143a8dbf80d0ffccdfd62f6cb67ca4b

    • SHA256

      d7b38740a2c0a9cb1cf93055042a52b2ec4a89b6882d4b7aabd9582756ae7353

    • SHA512

      16d91e3b18d204c692b47c4e0a251a0772f2debb325ec13ec2a584ca8bc7bfeaa89f1195e796e5acd123742d52bdc99a9ea101efae4ab05116a46d9b17b0ee76

    • SSDEEP

      12288:ZMrzy90RQKInhnMotU40NxdJkGoZnwUa8uYORlWbTrGU:+y0QKyhM410Nxd7oZwUa0OfWb/GU

    Score
    10/10
    redlinedarmdiscoveryinfostealerpersistence

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Redline family

      redline

    • Executes dropped EXE

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks