redline | 25e69eeedced307d35b11916dcd4cefca08068d4f87fb71c8fb6ab242f8542c9 | Triage

Sharing

General

Target

25e69eeedced307d35b11916dcd4cefca08068d4f87fb71c8fb6ab242f8542c9
Size

588KB
Sample

230506-zt8pmaeb44
MD5

ed541c1efe2b4b56a7640dab5e08d279
SHA1

dff90d35232bb2d162f870c76cea2c7192889470
SHA256

25e69eeedced307d35b11916dcd4cefca08068d4f87fb71c8fb6ab242f8542c9
SHA512

9b044cb5231a0d968e2e19c0c5cebd28e1eeaabf80b3f9b5c543931a95c0a9c580f58f7ca2cff7cd52df1b60ca678bc5f3ef7ff0a7234ab977d22dfeed5a21f6
SSDEEP

12288:ZMrqy90Bj6d+YHnZ/6fHr4keBUv7VyFoR45XVxw:3yemk6/kH8dBUvAiClxw

Score

10^/10

redline daris infostealer persistence stealer

Malware Config

Extracted

Family

redline

Botnet

daris

C2

217.196.96.56:4138

Attributes

auth_value
3491f24ae0250969cd45ce4b3fe77549

Targets

- Target
  
  25e69eeedced307d35b11916dcd4cefca08068d4f87fb71c8fb6ab242f8542c9
- Size
  
  588KB
- MD5
  
  ed541c1efe2b4b56a7640dab5e08d279
- SHA1
  
  dff90d35232bb2d162f870c76cea2c7192889470
- SHA256
  
  25e69eeedced307d35b11916dcd4cefca08068d4f87fb71c8fb6ab242f8542c9
- SHA512
  
  9b044cb5231a0d968e2e19c0c5cebd28e1eeaabf80b3f9b5c543931a95c0a9c580f58f7ca2cff7cd52df1b60ca678bc5f3ef7ff0a7234ab977d22dfeed5a21f6
- SSDEEP
  
  12288:ZMrqy90Bj6d+YHnZ/6fHr4keBUv7VyFoR45XVxw:3yemk6/kH8dBUvAiClxw
Score

10^/10

redline daris infostealer persistence stealer
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedarisinfostealerpersistence

behavioral2

redlinedarisinfostealerpersistencestealer