Overview

overview

10

Static

static

3

a2fcbea675...49.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a2fcbea67578d20742923c3e2b37197b7caea093d37bf11f132736d0793c1949.exe

  • Size

    520KB

  • Sample

    241113-ayyyjstglp

  • MD5

    cebc5de184d056dec00a8e9fc9f83a25

  • SHA1

    827899d4f967c619305e9223a94fd93954d3f093

  • SHA256

    a2fcbea67578d20742923c3e2b37197b7caea093d37bf11f132736d0793c1949

  • SHA512

    3b05b474150bd16ea8372615ad20dd90b9b6724c41d47ac36e808552fbc38eb8d39482cbc2f995fc9bcf4e6e47639ed72cb5fcd56e10f9e3fbf8bbcad179b485

  • SSDEEP

    12288:bMrQy90jFQMbvPblabVzWztAuZ9gIxG3c9Q2AQ+lLmxglFhSXuoTWq5E:Py9CERyhN9gq1+Fm+Joiq5E

Score
10/10
redlineromikdiscoveryinfostealerpersistence

Malware Config

Extracted

Family

redline

Botnet

romik

C2

193.233.20.12:4132

Attributes
  • auth_value

    8fb78d2889ba0ca42678b59b884e88ff

Targets

    • Target

      a2fcbea67578d20742923c3e2b37197b7caea093d37bf11f132736d0793c1949.exe

    • Size

      520KB

    • MD5

      cebc5de184d056dec00a8e9fc9f83a25

    • SHA1

      827899d4f967c619305e9223a94fd93954d3f093

    • SHA256

      a2fcbea67578d20742923c3e2b37197b7caea093d37bf11f132736d0793c1949

    • SHA512

      3b05b474150bd16ea8372615ad20dd90b9b6724c41d47ac36e808552fbc38eb8d39482cbc2f995fc9bcf4e6e47639ed72cb5fcd56e10f9e3fbf8bbcad179b485

    • SSDEEP

      12288:bMrQy90jFQMbvPblabVzWztAuZ9gIxG3c9Q2AQ+lLmxglFhSXuoTWq5E:Py9CERyhN9gq1+Fm+Joiq5E

    Score
    10/10
    redlineromikdiscoveryinfostealerpersistence

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Redline family

      redline

    • Executes dropped EXE

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks