redline

General

Target

3fe27a9b9901477e4610711538be31a4aa9e84aab3cb063c5180c6c9bfa1d757.bin
Size

1.2MB
Sample

230506-1dc4fsac6t
MD5

a07e73daae433dd6b77951e9ea872147
SHA1

1a1eb5d52ca7154080b196b1288256565a9ddb5b
SHA256

3fe27a9b9901477e4610711538be31a4aa9e84aab3cb063c5180c6c9bfa1d757
SHA512

1b898e8a62637226fcfda407d62d96988ab74c7326596a91d5402c27925c0462d448156908b448e02846dceb937fc25784ef212f5312e9e0e3f46548db391ba2
SSDEEP

24576:1yryGAuG5URsg474tJzZlVTG5YX2/Q1iv0/7H92OnuG+RF:Qr/AuOatJzdTG5YX0Q1i82+

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

gena

C2

185.161.248.73:4164

Attributes

auth_value
d05bf43eef533e262271449829751d07

Extracted

Family

redline

Botnet

life

C2

185.161.248.73:4164

Attributes

auth_value
8685d11953530b68ad5ec703809d9f91

Targets

- Target
  
  3fe27a9b9901477e4610711538be31a4aa9e84aab3cb063c5180c6c9bfa1d757.bin
- Size
  
  1.2MB
- MD5
  
  a07e73daae433dd6b77951e9ea872147
- SHA1
  
  1a1eb5d52ca7154080b196b1288256565a9ddb5b
- SHA256
  
  3fe27a9b9901477e4610711538be31a4aa9e84aab3cb063c5180c6c9bfa1d757
- SHA512
  
  1b898e8a62637226fcfda407d62d96988ab74c7326596a91d5402c27925c0462d448156908b448e02846dceb937fc25784ef212f5312e9e0e3f46548db391ba2
- SSDEEP
  
  24576:1yryGAuG5URsg474tJzZlVTG5YX2/Q1iv0/7H92OnuG+RF:Qr/AuOatJzdTG5YX0Q1i82+
Score

10^/10

redline gena life infostealer persistence stealer
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Detects Redline Stealer samples

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2