redline | 4684f3e1b8f09396c15c5404fbf5a6920612c0bac27f1efcfc1fc677443fb09c | Triage

Sharing

General

Target

4684f3e1b8f09396c15c5404fbf5a6920612c0bac27f1efcfc1fc677443fb09c
Size

480KB
Sample

230506-1h113sgh49
MD5

68f1e9940eca94eae5afc7262020ac89
SHA1

5bb896f17d17608e9849606e191ade4b254538f4
SHA256

4684f3e1b8f09396c15c5404fbf5a6920612c0bac27f1efcfc1fc677443fb09c
SHA512

27db8e0b5074df81034431c2379730085b5cade901449b8c06a176f7381f1ae1df8f86b9b75f1abc348ea6d5c7d33619feecb819573e5521adca78c41930d71a
SSDEEP

6144:KHy+bnr+/up0yN90QEKLhxkL4Q5xCW6Rd7HDByt7mne+kMt4+wDri20ET2gDmAbT:tMrIvy90cYJ5xuRdbcOthwy2wgX3

Score

10^/10

redline daris infostealer persistence stealer

Malware Config

Extracted

Family

redline

Botnet

daris

C2

217.196.96.56:4138

Attributes

auth_value
3491f24ae0250969cd45ce4b3fe77549

Targets

- Target
  
  4684f3e1b8f09396c15c5404fbf5a6920612c0bac27f1efcfc1fc677443fb09c
- Size
  
  480KB
- MD5
  
  68f1e9940eca94eae5afc7262020ac89
- SHA1
  
  5bb896f17d17608e9849606e191ade4b254538f4
- SHA256
  
  4684f3e1b8f09396c15c5404fbf5a6920612c0bac27f1efcfc1fc677443fb09c
- SHA512
  
  27db8e0b5074df81034431c2379730085b5cade901449b8c06a176f7381f1ae1df8f86b9b75f1abc348ea6d5c7d33619feecb819573e5521adca78c41930d71a
- SSDEEP
  
  6144:KHy+bnr+/up0yN90QEKLhxkL4Q5xCW6Rd7HDByt7mne+kMt4+wDri20ET2gDmAbT:tMrIvy90cYJ5xuRdbcOthwy2wgX3
Score

10^/10

redline daris infostealer persistence stealer
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedarisinfostealerpersistence

behavioral2

redlinedarisinfostealerpersistencestealer