redline

General

Target

b6983b275bbcfc343b7d7cca8d102f2b940165cedf1301c727165953d2b34ff7.bin
Size

1.2MB
Sample

230505-xt5a4agb85
MD5

ab67c1651f4c05d94d91162d3e3e6b2f
SHA1

eed26c7077d8d2401ffc67924a87ee45e1480852
SHA256

b6983b275bbcfc343b7d7cca8d102f2b940165cedf1301c727165953d2b34ff7
SHA512

4b1566f87896c3cb445bfdfd029812cdea5ef8b03f2fe68847cca2b887524d64da1b2d39a3804421af0a1d64f40acb2116df010f8b9000b854e46f9bdc3fb82d
SSDEEP

24576:zyaBBra9rUv8jHFZIaXKmiKPumFOq2FcJi3wnfXV9dCTw:GaBBrSrUEzvfXojdN2JPfXbdCT

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

gena

C2

185.161.248.73:4164

Attributes

auth_value
d05bf43eef533e262271449829751d07

Extracted

Family

redline

Botnet

life

C2

185.161.248.73:4164

Attributes

auth_value
8685d11953530b68ad5ec703809d9f91

Targets

- Target
  
  b6983b275bbcfc343b7d7cca8d102f2b940165cedf1301c727165953d2b34ff7.bin
- Size
  
  1.2MB
- MD5
  
  ab67c1651f4c05d94d91162d3e3e6b2f
- SHA1
  
  eed26c7077d8d2401ffc67924a87ee45e1480852
- SHA256
  
  b6983b275bbcfc343b7d7cca8d102f2b940165cedf1301c727165953d2b34ff7
- SHA512
  
  4b1566f87896c3cb445bfdfd029812cdea5ef8b03f2fe68847cca2b887524d64da1b2d39a3804421af0a1d64f40acb2116df010f8b9000b854e46f9bdc3fb82d
- SSDEEP
  
  24576:zyaBBra9rUv8jHFZIaXKmiKPumFOq2FcJi3wnfXV9dCTw:GaBBrSrUEzvfXojdN2JPfXbdCT
Score

10^/10

redline gena life infostealer persistence stealer
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Detects Redline Stealer samples

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2