redline | 2cd29c4a5b699601bfd6e3d1d231dccd2594762ec854d5ec6c37d9ed42fc90ce | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2cd29c4a5b699601bfd6e3d1d231dccd2594762ec854d5ec6c37d9ed42fc90ce
Size

643KB
Sample

230506-zy939agf9w
MD5

a7918d2989dfa29d6cc72c5730c8e8ed
SHA1

4b9ced4e13f347800fff66df6cb862c402d3312e
SHA256

2cd29c4a5b699601bfd6e3d1d231dccd2594762ec854d5ec6c37d9ed42fc90ce
SHA512

fb19b19ebfdf8efecd4d2b70e21e8b86ee88ab97499342410fc6364b24f829d43c35af0a1ba94ef1863444b007c6a89426747560fc172aa3d3d9baf020c1c019
SSDEEP

12288:7Mrky90ZjgU7Z7o3BiZbWU0d3vF7dOrETRYHHqJiT8m6637DLk9:fyMgUJo3Ql30d3vt5R+KJmu

Score

10^/10

redline darm infostealer persistence stealer

Malware Config

Extracted

Family

redline

Botnet

darm

C2

217.196.96.56:4138

Attributes

auth_value
d88ac8ccc04ab9979b04b46313db1648

Targets

- Target
  
  2cd29c4a5b699601bfd6e3d1d231dccd2594762ec854d5ec6c37d9ed42fc90ce
- Size
  
  643KB
- MD5
  
  a7918d2989dfa29d6cc72c5730c8e8ed
- SHA1
  
  4b9ced4e13f347800fff66df6cb862c402d3312e
- SHA256
  
  2cd29c4a5b699601bfd6e3d1d231dccd2594762ec854d5ec6c37d9ed42fc90ce
- SHA512
  
  fb19b19ebfdf8efecd4d2b70e21e8b86ee88ab97499342410fc6364b24f829d43c35af0a1ba94ef1863444b007c6a89426747560fc172aa3d3d9baf020c1c019
- SSDEEP
  
  12288:7Mrky90ZjgU7Z7o3BiZbWU0d3vF7dOrETRYHHqJiT8m6637DLk9:fyMgUJo3Ql30d3vt5R+KJmu
Score

10^/10

redline darm infostealer persistence stealer
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedarminfostealerpersistence

behavioral2

redlinedarminfostealerpersistencestealer