redline | 3ac990d234b64812738c0a185d10289abfb34d5ac6e60b8d52cc65cf455610aa | Triage

Sharing

General

Target

download232.exe
Size

1022KB
Sample

230522-mvszcaaf5y
MD5

e21ef2e82eb8428418cc2bb419f8219e
SHA1

c8d0baa12a48258c4e442c0f37449eeeab7140f9
SHA256

3ac990d234b64812738c0a185d10289abfb34d5ac6e60b8d52cc65cf455610aa
SHA512

9338f437b566334157e7d7372a8d27069b8f9c1ae11cddc5499f613c7e283fc4e8129bacec62c0bb73ef66e3d092cdc8c711e1a6f25a153ae5df70f83147e521
SSDEEP

12288:rMrIy906lGJumJac8Z/9rTaAMmO3p1Hxm1Cj3NHo+RZC98qF3jKCBUwZoNAU:vyHGsv9rTruJxjto+rC98UBnZoyU

Score

10^/10

redline diza infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

diza

C2

185.161.248.37:4138

Attributes

auth_value
0d09b419c8bc967f91c68be4a17e92ee

Targets

- Target
  
  download232.exe
- Size
  
  1022KB
- MD5
  
  e21ef2e82eb8428418cc2bb419f8219e
- SHA1
  
  c8d0baa12a48258c4e442c0f37449eeeab7140f9
- SHA256
  
  3ac990d234b64812738c0a185d10289abfb34d5ac6e60b8d52cc65cf455610aa
- SHA512
  
  9338f437b566334157e7d7372a8d27069b8f9c1ae11cddc5499f613c7e283fc4e8129bacec62c0bb73ef66e3d092cdc8c711e1a6f25a153ae5df70f83147e521
- SSDEEP
  
  12288:rMrIy906lGJumJac8Z/9rTaAMmO3p1Hxm1Cj3NHo+RZC98qF3jKCBUwZoNAU:vyHGsv9rTruJxjto+rC98UBnZoyU
Score

10^/10

redline diza infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedizainfostealerpersistence

behavioral2

redlinedizainfostealerpersistence