redline | 33ff8a901c390feb29e0bbecbd6208221698554dd1deb45c55ed9cee87f7882c | Triage

Sharing

General

Target

33ff8a901c390feb29e0bbecbd6208221698554dd1deb45c55ed9cee87f7882c
Size

1.1MB
Sample

230516-npys3sae68
MD5

e80f0d6bd346f52e2ef716355632d344
SHA1

1db4cb1edb54fc19e170e1a2c4b568e205ad9075
SHA256

33ff8a901c390feb29e0bbecbd6208221698554dd1deb45c55ed9cee87f7882c
SHA512

acc848916ff11a7b1d37434be1cad999a09aaf8cc4fb5a43f182c084ce2ea473a88c00c6c36a8496d01b109e0ee1db6b50bfbb5f861fab67209f4b24e794f54f
SSDEEP

24576:Sy/OaR+5c/kXqh7y76hMg6NKhgewUEHX0v0wPpYS7DKx:5PGc/uqh7rMgmKh3w1HXG04ni

Score

10^/10

redline dopon infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

dopon

C2

185.161.248.75:4132

Attributes

auth_value
8b75ad7ee23fb4d414b2c7174486600e

Targets

- Target
  
  33ff8a901c390feb29e0bbecbd6208221698554dd1deb45c55ed9cee87f7882c
- Size
  
  1.1MB
- MD5
  
  e80f0d6bd346f52e2ef716355632d344
- SHA1
  
  1db4cb1edb54fc19e170e1a2c4b568e205ad9075
- SHA256
  
  33ff8a901c390feb29e0bbecbd6208221698554dd1deb45c55ed9cee87f7882c
- SHA512
  
  acc848916ff11a7b1d37434be1cad999a09aaf8cc4fb5a43f182c084ce2ea473a88c00c6c36a8496d01b109e0ee1db6b50bfbb5f861fab67209f4b24e794f54f
- SSDEEP
  
  24576:Sy/OaR+5c/kXqh7y76hMg6NKhgewUEHX0v0wPpYS7DKx:5PGc/uqh7rMgmKh3w1HXG04ni
Score

10^/10

redline dopon infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedoponinfostealerpersistence