redline | 2c90cae133dd907c23b102bda785d4f4a3d7ee3613ccc0630930386dc23c4fed | Triage

Sharing

General

Target

2c90cae133dd907c23b102bda785d4f4a3d7ee3613ccc0630930386dc23c4fed
Size

566KB
Sample

230506-zy6qtsef72
MD5

a5b6eddb60e381c69421ee60b28b68f2
SHA1

996a54f8833c380082d0af5667dfedc256e66248
SHA256

2c90cae133dd907c23b102bda785d4f4a3d7ee3613ccc0630930386dc23c4fed
SHA512

fbdc26ea54b91dbf419e5330e2dc97b376ac11dd219f80910ab3284a77dab8d497a7b41cbc1e083918834eb5b72b4e82303e02df595bd0aa59755b882194f6e9
SSDEEP

12288:uMrty90Tkg9FqMeMk0cxSRfgToTHRm6oLtQ9MchnG:rye1ob0QSKTUF6RchG

Score

10^/10

redline darm infostealer persistence stealer

Malware Config

Extracted

Family

redline

Botnet

darm

C2

217.196.96.56:4138

Attributes

auth_value
d88ac8ccc04ab9979b04b46313db1648

Targets

- Target
  
  2c90cae133dd907c23b102bda785d4f4a3d7ee3613ccc0630930386dc23c4fed
- Size
  
  566KB
- MD5
  
  a5b6eddb60e381c69421ee60b28b68f2
- SHA1
  
  996a54f8833c380082d0af5667dfedc256e66248
- SHA256
  
  2c90cae133dd907c23b102bda785d4f4a3d7ee3613ccc0630930386dc23c4fed
- SHA512
  
  fbdc26ea54b91dbf419e5330e2dc97b376ac11dd219f80910ab3284a77dab8d497a7b41cbc1e083918834eb5b72b4e82303e02df595bd0aa59755b882194f6e9
- SSDEEP
  
  12288:uMrty90Tkg9FqMeMk0cxSRfgToTHRm6oLtQ9MchnG:rye1ob0QSKTUF6RchG
Score

10^/10

redline darm infostealer persistence stealer
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedarminfostealerpersistence

behavioral2

redlinedarminfostealerpersistencestealer