redline | 21c99f5b83a1a9e45d9b02a6d2ed7e22217058de5521684ed9cf363f88922e9a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

21c99f5b83a1a9e45d9b02a6d2ed7e22217058de5521684ed9cf363f88922e9a
Size

603KB
Sample

230506-zrnlnsfg9z
MD5

dbd41de51fa0b6bf5b6f06f5210711ac
SHA1

4f2cb6a2be53509de07b383e741799190224ca29
SHA256

21c99f5b83a1a9e45d9b02a6d2ed7e22217058de5521684ed9cf363f88922e9a
SHA512

56f20633bad77f3d5b10f0d0480ae013bf3081c42c71315d43db378cb29950f5137a8e2e3c0323ce2dfe34fa1fd3f7d309b5a3452e961a5e31fb691b5b6f6887
SSDEEP

12288:WMrcy90qs7TwBiuxSTQH3b/3038u5xAMgxgnFGjAu1+pG:WyMABiarrP01vAPx8GjAuOG

Score

10^/10

redline daris infostealer persistence stealer

Malware Config

Extracted

Family

redline

Botnet

daris

C2

217.196.96.56:4138

Attributes

auth_value
3491f24ae0250969cd45ce4b3fe77549

Targets

- Target
  
  21c99f5b83a1a9e45d9b02a6d2ed7e22217058de5521684ed9cf363f88922e9a
- Size
  
  603KB
- MD5
  
  dbd41de51fa0b6bf5b6f06f5210711ac
- SHA1
  
  4f2cb6a2be53509de07b383e741799190224ca29
- SHA256
  
  21c99f5b83a1a9e45d9b02a6d2ed7e22217058de5521684ed9cf363f88922e9a
- SHA512
  
  56f20633bad77f3d5b10f0d0480ae013bf3081c42c71315d43db378cb29950f5137a8e2e3c0323ce2dfe34fa1fd3f7d309b5a3452e961a5e31fb691b5b6f6887
- SSDEEP
  
  12288:WMrcy90qs7TwBiuxSTQH3b/3038u5xAMgxgnFGjAu1+pG:WyMABiarrP01vAPx8GjAuOG
Score

10^/10

redline daris infostealer persistence stealer
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedarisinfostealerpersistence

behavioral2

redlinedarisinfostealerpersistencestealer