General

  • Target

    830b5f81a3a9e9f5d4222118331f2b85f06b32af6e965d90546bb33e31503f35.exe

  • Size

    426KB

  • Sample

    241116-pxaxnawkdt

  • MD5

    cf4f987e1a2830d066ea9978df1a3ff6

  • SHA1

    4adf678a8513207925f7e7f528baa0ca0782c22f

  • SHA256

    830b5f81a3a9e9f5d4222118331f2b85f06b32af6e965d90546bb33e31503f35

  • SHA512

    abfaf310914566fc77f7b73255a98fae453864a8c751b9fea2370649682bfc1527f9d9520dfab5e22e289f68d511601c3d9a534c66927c8193ee2be62891d564

  • SSDEEP

    6144:J5GqdxkaGma2QEllm6qiU8dpaEDmDka4I0pG7NPwJOxELmiXGQrOHqY1QJDL:J5Gqdxk1qlfS0OD4I0piPJNQrkL2ZL

Malware Config

Extracted

Family

redline

Botnet

norm

C2

77.91.124.145:4125

Attributes
  • auth_value

    1514e6c0ec3d10a36f68f61b206f5759

Targets

    • Target

      830b5f81a3a9e9f5d4222118331f2b85f06b32af6e965d90546bb33e31503f35.exe

    • Size

      426KB

    • MD5

      cf4f987e1a2830d066ea9978df1a3ff6

    • SHA1

      4adf678a8513207925f7e7f528baa0ca0782c22f

    • SHA256

      830b5f81a3a9e9f5d4222118331f2b85f06b32af6e965d90546bb33e31503f35

    • SHA512

      abfaf310914566fc77f7b73255a98fae453864a8c751b9fea2370649682bfc1527f9d9520dfab5e22e289f68d511601c3d9a534c66927c8193ee2be62891d564

    • SSDEEP

      6144:J5GqdxkaGma2QEllm6qiU8dpaEDmDka4I0pG7NPwJOxELmiXGQrOHqY1QJDL:J5Gqdxk1qlfS0OD4I0piPJNQrkL2ZL

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

Looks up the country code configured in the registry, most likely a geofence check (the sample decides whether to run based on the victim's locale).

    • Executes dropped EXE

    • Loads dropped DLL
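The extracted config above (C2 77.91.124.145:4125) and the behavioural signatures (geofence registry lookup, executes dropped EXE, loads dropped DLL) are what a detection engineer would turn into a host-side correlation rule. The script below is an added example for this report, not Triage's signature code and not anything shipped with RedLine. It assumes a simplified, Sysmon-like event schema (dicts with a `kind` field standing in for event IDs 1, 3, 7, 11 and 12/13) and it assumes the registry value behind "Checks computer location settings" is `HKCU\Control Panel\International\Geo\Nation`; the report does not name the key it matched on. The timeline at the bottom is constructed, not captured from the sandbox run.

```python
"""Correlate Sysmon-style endpoint events against the indicators in this report.

Added example, not Triage's or RedLine's own code. Assumptions:
  * events are simplified dicts in the spirit of Sysmon event IDs 1 (process
    create), 3 (network connect), 7 (image load), 11 (file create) and
    12/13 (registry access);
  * the registry value behind "Checks computer location settings" is assumed
    to be HKCU\\Control Panel\\International\\Geo\\Nation; the report does not
    name the key it matched on.
"""
from collections import defaultdict

# Indicators taken directly from the report's extracted config and hashes.
C2_HOST = "77.91.124.145"
C2_PORT = 4125
SAMPLE_SHA256 = "830b5f81a3a9e9f5d4222118331f2b85f06b32af6e965d90546bb33e31503f35"

# Assumed: value consulted for a country-code geofence (not stated by the report).
GEO_NATION_KEY = r"HKCU\Control Panel\International\Geo\Nation"


def correlate(events):
    """Walk events in order and return {pid: sorted list of finding names}.

    Files written by any process are remembered so that a later execution or
    DLL load of that exact path is reported as "executes dropped EXE" or
    "loads dropped DLL", mirroring the two behavioural signatures above.
    """
    dropped = {}                 # lower-cased path -> pid that wrote it
    findings = defaultdict(set)  # pid -> set of finding names
    for ev in events:
        kind, pid = ev["kind"], ev["pid"]
        if kind == "file_create":
            dropped[ev["path"].lower()] = pid
        elif kind == "process_create":
            if ev.get("sha256", "").lower() == SAMPLE_SHA256:
                findings[pid].add("known_sample_hash")
            writer = dropped.get(ev["image"].lower())
            if writer is not None and writer != pid:
                findings[writer].add("executes_dropped_exe")
                findings[pid].add("is_dropped_exe")
        elif kind == "image_load":
            image = ev["image"].lower()
            if image in dropped and image.endswith(".dll"):
                findings[pid].add("loads_dropped_dll")
        elif kind == "registry_query":
            if ev["key"].lower() == GEO_NATION_KEY.lower():
                findings[pid].add("geofence_lookup")
        elif kind == "network_connect":
            if ev["dst_ip"] == C2_HOST and int(ev["dst_port"]) == C2_PORT:
                findings[pid].add("redline_c2_connect")
    return {pid: sorted(f) for pid, f in findings.items()}


def verdict(per_pid):
    """'malicious' on a C2 hit or the known hash; 'suspicious' when two or
    more behavioural findings cluster on one process; otherwise 'clean'."""
    strong = {"redline_c2_connect", "known_sample_hash"}
    if any(strong & set(f) for f in per_pid.values()):
        return "malicious"
    if any(len(f) >= 2 for f in per_pid.values()):
        return "suspicious"
    return "clean"


# Constructed sample timeline (not captured from the real sandbox run).
SAMPLE_EVENTS = [
    {"kind": "process_create", "pid": 1000,
     "image": r"C:\Users\u\Desktop\\" + SAMPLE_SHA256 + ".exe", "sha256": SAMPLE_SHA256},
    {"kind": "registry_query", "pid": 1000, "key": GEO_NATION_KEY},
    {"kind": "file_create", "pid": 1000, "path": r"C:\Users\u\AppData\Local\Temp\stage2.exe"},
    {"kind": "file_create", "pid": 1000, "path": r"C:\Users\u\AppData\Local\Temp\helper.dll"},
    {"kind": "process_create", "pid": 1100, "image": r"C:\Users\u\AppData\Local\Temp\stage2.exe"},
    {"kind": "image_load", "pid": 1100, "image": r"C:\Users\u\AppData\Local\Temp\helper.dll"},
    {"kind": "network_connect", "pid": 1100, "dst_ip": "77.91.124.145", "dst_port": 4125},
]

if __name__ == "__main__":
    per_pid = correlate(SAMPLE_EVENTS)
    for pid, names in sorted(per_pid.items()):
        print(pid, names)
    print("verdict:", verdict(per_pid))
```

The C2 address and the sample hash are the only strong indicators; the rest are behaviours that plenty of legitimate installers also exhibit, which is why the verdict only escalates on them when several cluster on one process. Swap in real Sysmon fields (Image, TargetFilename, TargetObject, DestinationIp/DestinationPort) when wiring this to actual telemetry.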

MITRE ATT&CK Enterprise v15

Tasks