redline | 0602b484bdcc0ae74012137ba3833201402c094f600d6a3cdabe47c9c9e107ef | Triage

Sharing

General

Target

0602b484bdcc0ae74012137ba3833201402c094f600d6a3cdabe47c9c9e107ef.exe
Size

1.1MB
Sample

230518-qxd5rahh81
MD5

540d13527238f444eafe19b39ebba972
SHA1

c08f66cb8d4890250a3565f176f022533db626e3
SHA256

0602b484bdcc0ae74012137ba3833201402c094f600d6a3cdabe47c9c9e107ef
SHA512

907cee6afd970cecfb6f2756932c353c4f889e045fb0ebaf448a6888675dcfb72a3a50338939fe62e0f0aa8196aaf0cecbd9f33a1ffd771aa250908ba94319b8
SSDEEP

24576:ayNGNvIKIcX8X3B8S6wpYKtJCicwAKQT46Nx9pJ:hawYsX3uCYKt5cKv+zp

Score

10^/10

redline desto infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

desto

C2

185.161.248.75:4132

Attributes

auth_value
9170d4ae7d11eaa24684a71b73bf9c86

Targets

- Target
  
  0602b484bdcc0ae74012137ba3833201402c094f600d6a3cdabe47c9c9e107ef.exe
- Size
  
  1.1MB
- MD5
  
  540d13527238f444eafe19b39ebba972
- SHA1
  
  c08f66cb8d4890250a3565f176f022533db626e3
- SHA256
  
  0602b484bdcc0ae74012137ba3833201402c094f600d6a3cdabe47c9c9e107ef
- SHA512
  
  907cee6afd970cecfb6f2756932c353c4f889e045fb0ebaf448a6888675dcfb72a3a50338939fe62e0f0aa8196aaf0cecbd9f33a1ffd771aa250908ba94319b8
- SSDEEP
  
  24576:ayNGNvIKIcX8X3B8S6wpYKtJCicwAKQT46Nx9pJ:hawYsX3uCYKt5cKv+zp
Score

10^/10

redline desto infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedestoinfostealerpersistence

behavioral2

redlinedestoinfostealerpersistence