redline | 9c201196b4d6a9963eb726e82bec362384df55abf5fa3373ab4d26c7df79d9ed | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9c201196b4d6a9963eb726e82bec362384df55abf5fa3373ab4d26c7df79d9ed.bin
Size

1.5MB
Sample

230505-xa2e4aeb93
MD5

634f3b71b7d6ae44d4caec2dfbe1b3a5
SHA1

5e5632ac4e65d1b043fc5f0ab157a8e7e5160cad
SHA256

9c201196b4d6a9963eb726e82bec362384df55abf5fa3373ab4d26c7df79d9ed
SHA512

b1aa56edad81e4d30df7e840adde9a6e05bdaebc2934887d427f4e53e4dd3af2be04901afc23be42dff055ee1f46674946a4d0311d7bdd236c8897f7c5747bb1
SSDEEP

24576:By1LC1zA0d3AYntgpuUamhA9o0Qb6yvK/Ic79HHoQcnocPc9RdA9NitFDByExf:05gce3AYnJ5D9oT6yvM97tjkc9w63B

Score

10^/10

redline most infostealer persistence stealer

Malware Config

Extracted

Family

redline

Botnet

most

C2

185.161.248.73:4164

Attributes

auth_value
7da4dfa153f2919e617aa016f7c36008

Targets

- Target
  
  9c201196b4d6a9963eb726e82bec362384df55abf5fa3373ab4d26c7df79d9ed.bin
- Size
  
  1.5MB
- MD5
  
  634f3b71b7d6ae44d4caec2dfbe1b3a5
- SHA1
  
  5e5632ac4e65d1b043fc5f0ab157a8e7e5160cad
- SHA256
  
  9c201196b4d6a9963eb726e82bec362384df55abf5fa3373ab4d26c7df79d9ed
- SHA512
  
  b1aa56edad81e4d30df7e840adde9a6e05bdaebc2934887d427f4e53e4dd3af2be04901afc23be42dff055ee1f46674946a4d0311d7bdd236c8897f7c5747bb1
- SSDEEP
  
  24576:By1LC1zA0d3AYntgpuUamhA9o0Qb6yvK/Ic79HHoQcnocPc9RdA9NitFDByExf:05gce3AYnJ5D9oT6yvM97tjkc9w63B
Score

10^/10

redline most infostealer persistence stealer
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinemostinfostealerpersistence

behavioral2

redlinemostinfostealerpersistencestealer