redline | 7fe0e5642a01386e950d21d1cd2e5aa171e6b6e403100e9842809a240466b4f1 | Triage

Sharing

General

Target

7fe0e5642a01386e950d21d1cd2e5aa171e6b6e403100e9842809a240466b4f1
Size

793KB
Sample

230505-w7p8nafh2w
MD5

89502c6c153edde186731b3374d803dd
SHA1

50535f39cee7d9d53333bef4bf702af8a9283743
SHA256

7fe0e5642a01386e950d21d1cd2e5aa171e6b6e403100e9842809a240466b4f1
SHA512

aacb5b9092adda55ff623abdc754d1479074795d88deaaaff0ea42ca8342d8c510384654a3cbf0efa6ac15a7ea4519421e18a4cf3467128074059a8ed8cff905
SSDEEP

24576:Byecjv2SbngMnoRGOj8bD9q5LlhSOjLwe:0eXMohp5Ljfvw

Score

10^/10

redline dante gena infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

gena

C2

185.161.248.73:4164

Attributes

auth_value
d05bf43eef533e262271449829751d07

Extracted

Family

redline

Botnet

dante

C2

185.161.248.73:4164

Attributes

auth_value
f4066af6b8a6f23125c8ee48288a3f90

Targets

- Target
  
  7fe0e5642a01386e950d21d1cd2e5aa171e6b6e403100e9842809a240466b4f1
- Size
  
  793KB
- MD5
  
  89502c6c153edde186731b3374d803dd
- SHA1
  
  50535f39cee7d9d53333bef4bf702af8a9283743
- SHA256
  
  7fe0e5642a01386e950d21d1cd2e5aa171e6b6e403100e9842809a240466b4f1
- SHA512
  
  aacb5b9092adda55ff623abdc754d1479074795d88deaaaff0ea42ca8342d8c510384654a3cbf0efa6ac15a7ea4519421e18a4cf3467128074059a8ed8cff905
- SSDEEP
  
  24576:Byecjv2SbngMnoRGOj8bD9q5LlhSOjLwe:0eXMohp5Ljfvw
Score

10^/10

redline dante gena infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedantegenainfostealerpersistence

behavioral2