redline | 2227902d9a2b096bdfcafeb7ef42c413ab65087f8761f30b9baaec856250734f | Triage

Sharing

General

Target

2227902d9a2b096bdfcafeb7ef42c413ab65087f8761f30b9baaec856250734f.bin
Size

1.5MB
Sample

230506-zrznyadg76
MD5

64a48944628e9786978e243aa5ef628f
SHA1

0b3cffe9f70b5b38f1be03bf5b7dc79b3b417da5
SHA256

2227902d9a2b096bdfcafeb7ef42c413ab65087f8761f30b9baaec856250734f
SHA512

d2ebd51f4b1bc38a3395ac06525917d6f2703392186252070353bc055d7aca16897ffdd5bf3c3382a4940a63830dd0312ff550c1e879010a84171b1024dc9b9d
SSDEEP

24576:Iy6/g14sotpfiYb6mROE0k5iggexwSA/SV1wSfNV9t6OyDR2OAU:PQs0686UOu7g+06T3fLmO423

Score

10^/10

redline most infostealer persistence stealer

Malware Config

Extracted

Family

redline

Botnet

most

C2

185.161.248.73:4164

Attributes

auth_value
7da4dfa153f2919e617aa016f7c36008

Targets

- Target
  
  2227902d9a2b096bdfcafeb7ef42c413ab65087f8761f30b9baaec856250734f.bin
- Size
  
  1.5MB
- MD5
  
  64a48944628e9786978e243aa5ef628f
- SHA1
  
  0b3cffe9f70b5b38f1be03bf5b7dc79b3b417da5
- SHA256
  
  2227902d9a2b096bdfcafeb7ef42c413ab65087f8761f30b9baaec856250734f
- SHA512
  
  d2ebd51f4b1bc38a3395ac06525917d6f2703392186252070353bc055d7aca16897ffdd5bf3c3382a4940a63830dd0312ff550c1e879010a84171b1024dc9b9d
- SSDEEP
  
  24576:Iy6/g14sotpfiYb6mROE0k5iggexwSA/SV1wSfNV9t6OyDR2OAU:PQs0686UOu7g+06T3fLmO423
Score

10^/10

redline most infostealer persistence stealer
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinemostinfostealerpersistence

behavioral2

redlinemostinfostealerpersistencestealer