Overview

overview

10

Static

static

3

f18cfa4ee2...da.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f18cfa4ee22d8f95e6b272fd14647b81d2995b13d01ab564b6bc6052eb4d4bda

  • Size

    838KB

  • Sample

    241111-mlcwrsycnh

  • MD5

    2d54822bef361a60742d22bee4f0f8e2

  • SHA1

    c9100ec23ec72c9ed65aacf39c2bed2d8a9958db

  • SHA256

    f18cfa4ee22d8f95e6b272fd14647b81d2995b13d01ab564b6bc6052eb4d4bda

  • SHA512

    22e1bd64e7acc3de90133a0656e3ef0afd78842e0cf22fccede5464d0ac813964826f2ad13271e5b7fdabf97c465b4b0ec15d6e74dfd961c40434f74817d5900

  • SSDEEP

    24576:hyvwbMhw3dVIT0DUhCQItLUhFjnCx4AF6H:UvwGw3dOfxItLUhFj04C

Score
10/10
redlineromikdiscoveryinfostealerpersistence

Malware Config

Extracted

Family

redline

Botnet

romik

C2

193.233.20.12:4132

Attributes
  • auth_value

    8fb78d2889ba0ca42678b59b884e88ff

Targets

    • Target

      f18cfa4ee22d8f95e6b272fd14647b81d2995b13d01ab564b6bc6052eb4d4bda

    • Size

      838KB

    • MD5

      2d54822bef361a60742d22bee4f0f8e2

    • SHA1

      c9100ec23ec72c9ed65aacf39c2bed2d8a9958db

    • SHA256

      f18cfa4ee22d8f95e6b272fd14647b81d2995b13d01ab564b6bc6052eb4d4bda

    • SHA512

      22e1bd64e7acc3de90133a0656e3ef0afd78842e0cf22fccede5464d0ac813964826f2ad13271e5b7fdabf97c465b4b0ec15d6e74dfd961c40434f74817d5900

    • SSDEEP

      24576:hyvwbMhw3dVIT0DUhCQItLUhFjnCx4AF6H:UvwGw3dOfxItLUhFj04C

    Score
    10/10
    redlineromikdiscoveryinfostealerpersistence

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Redline family

      redline

    • Executes dropped EXE

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks