redline | 015aa5448ec0a4fc941dddf90dc5e73914b7976541b9e51656756bc4e4491c50 | Triage

Sharing

General

Target

015aa5448ec0a4fc941dddf90dc5e73914b7976541b9e51656756bc4e4491c50
Size

1.5MB
Sample

230506-2henhsda37
MD5

93e176c4a5e13eeaac79a9895c171a63
SHA1

691559862dcdb65cfd29ee782cb1fc3c1989076a
SHA256

015aa5448ec0a4fc941dddf90dc5e73914b7976541b9e51656756bc4e4491c50
SHA512

466b92e74d61df1179b56ca1bf824e8d2f7dee7a0aa7a53e981dd3e1333056c53357dcaf18eda3569249d0fb388a210462768e30ca82b2a6291e065091a1a3e4
SSDEEP

24576:Ey0KOjVN8JVc97Dkkqexh9B23nc+XIxlILXB82scSRQ+YjkUyugAldBC:T7OxGJV6nqihf23nc+Yf+X3jSeX0Ald

Score

10^/10

redline most infostealer persistence stealer

Malware Config

Extracted

Family

redline

Botnet

most

C2

185.161.248.73:4164

Attributes

auth_value
7da4dfa153f2919e617aa016f7c36008

Targets

- Target
  
  015aa5448ec0a4fc941dddf90dc5e73914b7976541b9e51656756bc4e4491c50
- Size
  
  1.5MB
- MD5
  
  93e176c4a5e13eeaac79a9895c171a63
- SHA1
  
  691559862dcdb65cfd29ee782cb1fc3c1989076a
- SHA256
  
  015aa5448ec0a4fc941dddf90dc5e73914b7976541b9e51656756bc4e4491c50
- SHA512
  
  466b92e74d61df1179b56ca1bf824e8d2f7dee7a0aa7a53e981dd3e1333056c53357dcaf18eda3569249d0fb388a210462768e30ca82b2a6291e065091a1a3e4
- SSDEEP
  
  24576:Ey0KOjVN8JVc97Dkkqexh9B23nc+XIxlILXB82scSRQ+YjkUyugAldBC:T7OxGJV6nqihf23nc+Yf+X3jSeX0Ald
Score

10^/10

redline most infostealer persistence stealer
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinemostinfostealerpersistence

behavioral2

redlinemostinfostealerpersistencestealer