redline | 825dfe48062002a35ba01cb1b4114468be1e478d100b2b63bacd2162c41c806f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

discord_token.exe
Size

1.0MB
Sample

230520-kkmy8sea91
MD5

5331a0c90ee1336a183267d77e0b15a5
SHA1

9961ed27bcd7e3a34415a75a11b87af3b5060783
SHA256

825dfe48062002a35ba01cb1b4114468be1e478d100b2b63bacd2162c41c806f
SHA512

b107d93ea8305e5111d677aafb8667cd9e8e6af4e8a0b61e1fc5aea1f99e58d201a886acb9baa4990cddfbe40ccde3728be79a858effdffe7b44de20c28914cd
SSDEEP

24576:ky6x4GJxj08gPdEE0pIjss5tQWkvwOg4yQnE6:zFog88EJs5tQWne

Score

10^/10

redline deren infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

deren

C2

77.91.68.253:19065

Attributes

auth_value
04a169f1fb198bfbeca74d0e06ea2d54

Targets

- Target
  
  discord_token.exe
- Size
  
  1.0MB
- MD5
  
  5331a0c90ee1336a183267d77e0b15a5
- SHA1
  
  9961ed27bcd7e3a34415a75a11b87af3b5060783
- SHA256
  
  825dfe48062002a35ba01cb1b4114468be1e478d100b2b63bacd2162c41c806f
- SHA512
  
  b107d93ea8305e5111d677aafb8667cd9e8e6af4e8a0b61e1fc5aea1f99e58d201a886acb9baa4990cddfbe40ccde3728be79a858effdffe7b44de20c28914cd
- SSDEEP
  
  24576:ky6x4GJxj08gPdEE0pIjss5tQWkvwOg4yQnE6:zFog88EJs5tQWne
Score

10^/10

redline deren infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedereninfostealerpersistence

behavioral2

redlinedereninfostealerpersistence