redline | 59da8ea8579182626fa244c82848ca9856f15fe8b07a1a63546a423ae90784d7 | Triage

Sharing

General

Target

59da8ea8579182626fa244c82848ca9856f15fe8b07a1a63546a423ae90784d7
Size

1.0MB
Sample

230522-fwj99sha5v
MD5

0127afc464c5230c7ca13f46c1f8ff2e
SHA1

9cf7409e394202be8e4aa5bcd18e40a09c648893
SHA256

59da8ea8579182626fa244c82848ca9856f15fe8b07a1a63546a423ae90784d7
SHA512

a1c7e2b015b2f6f2665a7a9d2ef3c4a9a76186b6b247822fcae2e5a2201426cf9f0f0e63d70d4353723f4720597070737fbf5bd56ff538bf440245a768987d13
SSDEEP

24576:ByVUNBhCKN+jGsm8hMGvyQK8lCtC3MYKgLNJTqT1bI:0MmKKjv7Zh3TS1

Score

10^/10

redline diza infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

diza

C2

185.161.248.37:4138

Attributes

auth_value
0d09b419c8bc967f91c68be4a17e92ee

Targets

- Target
  
  59da8ea8579182626fa244c82848ca9856f15fe8b07a1a63546a423ae90784d7
- Size
  
  1.0MB
- MD5
  
  0127afc464c5230c7ca13f46c1f8ff2e
- SHA1
  
  9cf7409e394202be8e4aa5bcd18e40a09c648893
- SHA256
  
  59da8ea8579182626fa244c82848ca9856f15fe8b07a1a63546a423ae90784d7
- SHA512
  
  a1c7e2b015b2f6f2665a7a9d2ef3c4a9a76186b6b247822fcae2e5a2201426cf9f0f0e63d70d4353723f4720597070737fbf5bd56ff538bf440245a768987d13
- SSDEEP
  
  24576:ByVUNBhCKN+jGsm8hMGvyQK8lCtC3MYKgLNJTqT1bI:0MmKKjv7Zh3TS1
Score

10^/10

redline diza infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedizainfostealerpersistence