redline | 18c718e9a0037146b44d968bfab4c7c0ab195396e0a8c9f4394f6b82d0f8ab72 | Triage

Sharing

General

Target

18c718e9a0037146b44d968bfab4c7c0ab195396e0a8c9f4394f6b82d0f8ab72
Size

480KB
Sample

230506-zg6dqscg34
MD5

4d91be6f3eddafadb1db23c080a37e27
SHA1

66503ff75a31b7c642342bb8801ba7d94202de9a
SHA256

18c718e9a0037146b44d968bfab4c7c0ab195396e0a8c9f4394f6b82d0f8ab72
SHA512

f78dadb950b7c2424b9a75216e87ac7dccb341203a63a90c44afe6a433b7f0e2eca2c372158196754fb96fe43b5586de84d75b6bf73908f012654eb7056404ff
SSDEEP

12288:/Mrjy90iOT7wS/gn499YZXDKrJyw+T/U53SBe9n:Uy4d/gn49zf+453Dn

Score

10^/10

redline daris infostealer persistence stealer

Malware Config

Extracted

Family

redline

Botnet

daris

C2

217.196.96.56:4138

Attributes

auth_value
3491f24ae0250969cd45ce4b3fe77549

Targets

- Target
  
  18c718e9a0037146b44d968bfab4c7c0ab195396e0a8c9f4394f6b82d0f8ab72
- Size
  
  480KB
- MD5
  
  4d91be6f3eddafadb1db23c080a37e27
- SHA1
  
  66503ff75a31b7c642342bb8801ba7d94202de9a
- SHA256
  
  18c718e9a0037146b44d968bfab4c7c0ab195396e0a8c9f4394f6b82d0f8ab72
- SHA512
  
  f78dadb950b7c2424b9a75216e87ac7dccb341203a63a90c44afe6a433b7f0e2eca2c372158196754fb96fe43b5586de84d75b6bf73908f012654eb7056404ff
- SSDEEP
  
  12288:/Mrjy90iOT7wS/gn499YZXDKrJyw+T/U53SBe9n:Uy4d/gn49zf+453Dn
Score

10^/10

redline daris infostealer persistence stealer
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedarisinfostealerpersistence

behavioral2

redlinedarisinfostealerpersistencestealer