redline | 1ea36e1bb2e4c1b9f15e19adbcc7443ccb74b272820551b9f7672dc3b2ab2e5f | Triage

Sharing

General

Target

1ea36e1bb2e4c1b9f15e19adbcc7443ccb74b272820551b9f7672dc3b2ab2e5f
Size

643KB
Sample

230506-zm117sfd7y
MD5

6f562811f9e2b48e8d1c2e4a1ee454a9
SHA1

9ece8dc06ed22ae61bc91cc54f406cdc587828ab
SHA256

1ea36e1bb2e4c1b9f15e19adbcc7443ccb74b272820551b9f7672dc3b2ab2e5f
SHA512

c262927b45e9cbe40087b4303192bd82d9e6914ddd7c9410c641099602c7d87dd88a99648272c0ad5db336b07158b1d73a153e2499426f7e9cff690ed900b377
SSDEEP

12288:VMr3y90ko1v6FpTV+3oCexcSZGIa5RaujYGwvMOvtaFiqyU2U:yy61v6HxHC0cSZkTauQaoa

Score

10^/10

redline darm infostealer persistence stealer

Malware Config

Extracted

Family

redline

Botnet

darm

C2

217.196.96.56:4138

Attributes

auth_value
d88ac8ccc04ab9979b04b46313db1648

Targets

- Target
  
  1ea36e1bb2e4c1b9f15e19adbcc7443ccb74b272820551b9f7672dc3b2ab2e5f
- Size
  
  643KB
- MD5
  
  6f562811f9e2b48e8d1c2e4a1ee454a9
- SHA1
  
  9ece8dc06ed22ae61bc91cc54f406cdc587828ab
- SHA256
  
  1ea36e1bb2e4c1b9f15e19adbcc7443ccb74b272820551b9f7672dc3b2ab2e5f
- SHA512
  
  c262927b45e9cbe40087b4303192bd82d9e6914ddd7c9410c641099602c7d87dd88a99648272c0ad5db336b07158b1d73a153e2499426f7e9cff690ed900b377
- SSDEEP
  
  12288:VMr3y90ko1v6FpTV+3oCexcSZGIa5RaujYGwvMOvtaFiqyU2U:yy61v6HxHC0cSZkTauQaoa
Score

10^/10

redline darm infostealer persistence stealer
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedarminfostealerpersistence

behavioral2

redlinedarminfostealerpersistencestealer