redline | 01b6baf9abd25a3b8e4b4bbe803a52013c55dec97bb0a4d9ffd4ec29c80d57c0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

868ffdfc1a8da8187418ed72676cbf8e.bin
Size

671KB
Sample

230215-bw94gagh9w
MD5

7e91f10555b979bcf76f83a8720fa4c3
SHA1

4bc17f3873968e4609f0e6658a0afa36717e9735
SHA256

01b6baf9abd25a3b8e4b4bbe803a52013c55dec97bb0a4d9ffd4ec29c80d57c0
SHA512

fb6c74ec2cb30d3af8214178e9d685a39627dfa16a80a93fad6a1395af9eb959a93ca3dd3a05046498b51e389b5756ad30222e4fd9a323827fd6200066f2ab65
SSDEEP

12288:J6RvOP9IdDiPKlxWxBvlpXuqxHc51an8rBq8o/bOwqNczxjPAnyUKl:S2AeaxWNpeqxUQnOBq8o6/NcoyZ

Score

10^/10

redline dunm infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

dunm

C2

193.233.20.12:4132

Attributes

auth_value
352959e3707029296ec94306d74e2334

Targets

- Target
  
  8ecabb42fe3cbdb6a89a113eb3d160817682d6546f7f629811a4621e2cbc8842.exe
- Size
  
  721KB
- MD5
  
  868ffdfc1a8da8187418ed72676cbf8e
- SHA1
  
  47f02374991b47bc9c0b66df0694750cfd3c96f2
- SHA256
  
  8ecabb42fe3cbdb6a89a113eb3d160817682d6546f7f629811a4621e2cbc8842
- SHA512
  
  70064194c523822269fb741f1b585c5c89dfe141c9b16ee540c9ec8ad468b453762b18e8f1e4c1f3ce53df8d4ff70160a454ca8cc4f84fc985415a262e74239d
- SSDEEP
  
  12288:EMray90ZUJfRuHv9R7mS9FV97C8THVKeJ+xvYyGRg9AXeoVH5vwcKebku79CzMbF:OyHJfRIvnX91C8TxagjR/XT5vBOaoMbF
Score

10^/10

redline dunm infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedunminfostealerpersistence

behavioral2

redlinedunminfostealerpersistence