redline | b1be080c635cc02ebe6c098c3aa4dae2c804598257f83616df61b814c6e1b005 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b1be080c635cc02ebe6c098c3aa4dae2c804598257f83616df61b814c6e1b005.bin
Size

1.5MB
Sample

230505-xq46xsaa4w
MD5

9cb09fcf8558f8afdb6b97a91b65396d
SHA1

26d24e91c936d44c26a99fe6368312572af08c85
SHA256

b1be080c635cc02ebe6c098c3aa4dae2c804598257f83616df61b814c6e1b005
SHA512

95b98d42025ba66b973587c3f2a4bf4b7510a01e4cc5d5782895f6ee581689c8b60585cea2604b53a7c23784b0967507d8f76ff7df707c5db415d8bc40c2766f
SSDEEP

24576:CyZHRw6nAJAIhZOSIpsefWiGfJRg4DVpFe1xXlPfbwTXySHihKisIVJcyDftPszK:pZK63SItWLg4DVStdDwTiSHi3PW+FXsb

Score

10^/10

redline most infostealer persistence stealer

Malware Config

Extracted

Family

redline

Botnet

most

C2

185.161.248.73:4164

Attributes

auth_value
7da4dfa153f2919e617aa016f7c36008

Targets

- Target
  
  b1be080c635cc02ebe6c098c3aa4dae2c804598257f83616df61b814c6e1b005.bin
- Size
  
  1.5MB
- MD5
  
  9cb09fcf8558f8afdb6b97a91b65396d
- SHA1
  
  26d24e91c936d44c26a99fe6368312572af08c85
- SHA256
  
  b1be080c635cc02ebe6c098c3aa4dae2c804598257f83616df61b814c6e1b005
- SHA512
  
  95b98d42025ba66b973587c3f2a4bf4b7510a01e4cc5d5782895f6ee581689c8b60585cea2604b53a7c23784b0967507d8f76ff7df707c5db415d8bc40c2766f
- SSDEEP
  
  24576:CyZHRw6nAJAIhZOSIpsefWiGfJRg4DVpFe1xXlPfbwTXySHihKisIVJcyDftPszK:pZK63SItWLg4DVStdDwTiSHi3PW+FXsb
Score

10^/10

redline most infostealer persistence stealer
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinemostinfostealerpersistence

behavioral2

redlinemostinfostealerpersistencestealer