redline | 159463dee43611455ae7edebf0518f670a39926c405b2c37fadf6dd196a3b1f5 | Triage

Sharing

General

Target

fce7ead3250bc1287c04c213d43dcc29.bin
Size

987KB
Sample

230523-crfvhade27
MD5

99c32713d875449f4053791d1ec0a446
SHA1

b8e44f32f3674448f9fd7000d2036e131453b4db
SHA256

159463dee43611455ae7edebf0518f670a39926c405b2c37fadf6dd196a3b1f5
SHA512

07394fb826a5da9e6475a56b9cd5aca9595b90722e220e9e12262b418f192f3731cbe0109afe74f3dbe898aca54dbe025c019724e457358256856d929cf60d93
SSDEEP

24576:2DnRNwlPSkTKeKxsUk1r77eNoojmuF4VWey6:2DnoPDesRo9jmQzey6

Score

10^/10

redline diza infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

diza

C2

185.161.248.37:4138

Attributes

auth_value
0d09b419c8bc967f91c68be4a17e92ee

Targets

- Target
  
  d6e45d6b938e6eff9382d0b1c5ac247b1064a39eb79aa830e3b61470157b333c.exe
- Size
  
  1.0MB
- MD5
  
  fce7ead3250bc1287c04c213d43dcc29
- SHA1
  
  22ef077ef6dff28dc5b6cd35f162b892e4186a10
- SHA256
  
  d6e45d6b938e6eff9382d0b1c5ac247b1064a39eb79aa830e3b61470157b333c
- SHA512
  
  b8056f891f91e1c949a620351028999e8422c1315d19ccc2c9085f58470d6ee36e9e5ea93b50920c4419f51206ab8a062cc760bf4f42dff80051e2bd6e8e1634
- SSDEEP
  
  24576:ly0swK5sbyRwk70RsYl4CNKBufT30Tuk7/b:AiK5sbywl4C7fT30TT/
Score

10^/10

redline diza infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedizainfostealerpersistence

behavioral2

redlinedizainfostealerpersistence