redline | 16c56f4ad2eb5a0dd07d332cfc1fef14871cbe6fcbb3c387c87dc606a1743abe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

16c56f4ad2eb5a0dd07d332cfc1fef14871cbe6fcbb3c387c87dc606a1743abe
Size

556KB
Sample

230506-zfj44sce57
MD5

1655db6c02477ab7c13203588408959d
SHA1

e4eff20fafd893b43718d2e39ced32a5a9a14d94
SHA256

16c56f4ad2eb5a0dd07d332cfc1fef14871cbe6fcbb3c387c87dc606a1743abe
SHA512

89c030da96199033e6594e82107e5837a9cd5769e046b6ea95de9cdbc7e986cc3553ec4e3772e8ed1b59c59a7eba40a6c4bdb3b7433f995bd69744c372e345f4
SSDEEP

6144:K1y+bnr+Qp0yN90QEcibUnIy9CHmzSR25XsnoXVgGA/gchvuqUNLUFAeQWcQ0+dL:HMroy908nVmR+cnpG23L9Fs+R3IXXg

Score

10^/10

redline darm infostealer persistence stealer

Malware Config

Extracted

Family

redline

Botnet

darm

C2

217.196.96.56:4138

Attributes

auth_value
d88ac8ccc04ab9979b04b46313db1648

Targets

- Target
  
  16c56f4ad2eb5a0dd07d332cfc1fef14871cbe6fcbb3c387c87dc606a1743abe
- Size
  
  556KB
- MD5
  
  1655db6c02477ab7c13203588408959d
- SHA1
  
  e4eff20fafd893b43718d2e39ced32a5a9a14d94
- SHA256
  
  16c56f4ad2eb5a0dd07d332cfc1fef14871cbe6fcbb3c387c87dc606a1743abe
- SHA512
  
  89c030da96199033e6594e82107e5837a9cd5769e046b6ea95de9cdbc7e986cc3553ec4e3772e8ed1b59c59a7eba40a6c4bdb3b7433f995bd69744c372e345f4
- SSDEEP
  
  6144:K1y+bnr+Qp0yN90QEcibUnIy9CHmzSR25XsnoXVgGA/gchvuqUNLUFAeQWcQ0+dL:HMroy908nVmR+cnpG23L9Fs+R3IXXg
Score

10^/10

redline darm infostealer persistence stealer
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedarminfostealerpersistence

behavioral2

redlinedarminfostealerpersistencestealer