redline | 34f54e01b0e6b33cee3bd34c3ea127d66e808dc9def2e5f2f87335e2b988fd7d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c65bca3187055f7e3d9ef433a54608d2.bin
Size

666KB
Sample

230214-b49snshh35
MD5

4457ca5cac218798838ab2d5f68b9a0c
SHA1

86cf1de2123baec324cefa6c3886699e075a1083
SHA256

34f54e01b0e6b33cee3bd34c3ea127d66e808dc9def2e5f2f87335e2b988fd7d
SHA512

a5ca06c5ad3c7b6b37966609982fd9ec397551620267064de11356b95aeded1b22efbcd45798fdfbaf3250e7f81a6452152d4869e5f506400de4eed2bc2e89dc
SSDEEP

12288:DbWcyBx8kaJa2izZb8Sy5lZyJc2OsxaN1CmSdd5c/nzwutmYmPsoXucWu4W/3q:cAkaJa2idsZOc2Osxa/Sdw/zwut9mjHq

Score

10^/10

redline dunm infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

dunm

C2

193.233.20.12:4132

Attributes

auth_value
352959e3707029296ec94306d74e2334

Targets

- Target
  
  0143e6dc021cd5746ff4c791010a9168608970e7890fa4ae0479d6a72d75737b.exe
- Size
  
  717KB
- MD5
  
  c65bca3187055f7e3d9ef433a54608d2
- SHA1
  
  92d692f56bbbc593801d3f4e7e6c6d1316203d5b
- SHA256
  
  0143e6dc021cd5746ff4c791010a9168608970e7890fa4ae0479d6a72d75737b
- SHA512
  
  46c2dde1d5bd176dc16ee2a44cc7038b08a723f56110573ac81eeebfee8a64760b792fff8eab2f41c46137e9baca633c01e1689d6a554c91afae53e462fee6f4
- SSDEEP
  
  12288:NMrxy90uFlUa0T+b+699MWxHrYyeJaE2NN/a5RJOfVq6Xmlgz:syOa0Tl+FxLia1NYRJ6qqmS
Score

10^/10

redline dunm infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedunminfostealerpersistence

behavioral2

redlinedunminfostealerpersistence