redline | e53bd8d9458c25d81bfcfd7a9a03572429e86d80d7829ec1e3c24556dfff3f1b | Triage

Sharing

General

Target

42345.exe
Size

1.0MB
Sample

230520-kjp27sea8x
MD5

15c0d4b500ecdb0536b7af315d9be0bf
SHA1

2eb39fdf2e3cf66765e021e26890dc493623c21b
SHA256

e53bd8d9458c25d81bfcfd7a9a03572429e86d80d7829ec1e3c24556dfff3f1b
SHA512

3ca185cf616210c51e06eac12984509922c8971126c58f187c9e189089a3ea2085b0f2c15e07e43896c25a02e0ff5761ce28a3dd91acdc6d131985ee144f7515
SSDEEP

24576:tyhHVPtyp93KZrj94MdDHkCTzGJLnnE8I:I3Ptw93KDLDgJLnE8

Score

10^/10

redline deren infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

deren

C2

77.91.68.253:19065

Attributes

auth_value
04a169f1fb198bfbeca74d0e06ea2d54

Targets

- Target
  
  42345.exe
- Size
  
  1.0MB
- MD5
  
  15c0d4b500ecdb0536b7af315d9be0bf
- SHA1
  
  2eb39fdf2e3cf66765e021e26890dc493623c21b
- SHA256
  
  e53bd8d9458c25d81bfcfd7a9a03572429e86d80d7829ec1e3c24556dfff3f1b
- SHA512
  
  3ca185cf616210c51e06eac12984509922c8971126c58f187c9e189089a3ea2085b0f2c15e07e43896c25a02e0ff5761ce28a3dd91acdc6d131985ee144f7515
- SSDEEP
  
  24576:tyhHVPtyp93KZrj94MdDHkCTzGJLnnE8I:I3Ptw93KDLDgJLnE8
Score

10^/10

redline deren infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedereninfostealerpersistence

behavioral2

redlinedereninfostealerpersistence