redline | 1f7b2d0064d71b70373ccadfd30fb385f79b80b98010b5a87b5222f63dbb67df | Triage

Sharing

General

Target

1f7b2d0064d71b70373ccadfd30fb385f79b80b98010b5a87b5222f63dbb67df
Size

767KB
Sample

230525-vya7psbe22
MD5

62c3bd4fe464ec04a318c9002d74cb72
SHA1

d9b014e9b6fba2f2472d214550d038edc6295a40
SHA256

1f7b2d0064d71b70373ccadfd30fb385f79b80b98010b5a87b5222f63dbb67df
SHA512

f69ef183a3b7263bbc8d73f9d22a06fda59aa837947ea563ac9de1b549bc0128a6d34be813f04cd49ff2c7ff9a0d5b9567425a425a4b2ef1c70191788542b8b4
SSDEEP

12288:VMroy90d1nExXzlQl3fjIXwhCxFLuxv7xVpS7c1xHAwgS+fyavZsjWLEwRX:RyrXzlIfjuH3uxvBS7c1xHAwf+qOsjaN

Score

10^/10

redline dina infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

dina

C2

83.97.73.122:19062

Attributes

auth_value
4f77073adc624269de1bff760b9bc471

Targets

- Target
  
  1f7b2d0064d71b70373ccadfd30fb385f79b80b98010b5a87b5222f63dbb67df
- Size
  
  767KB
- MD5
  
  62c3bd4fe464ec04a318c9002d74cb72
- SHA1
  
  d9b014e9b6fba2f2472d214550d038edc6295a40
- SHA256
  
  1f7b2d0064d71b70373ccadfd30fb385f79b80b98010b5a87b5222f63dbb67df
- SHA512
  
  f69ef183a3b7263bbc8d73f9d22a06fda59aa837947ea563ac9de1b549bc0128a6d34be813f04cd49ff2c7ff9a0d5b9567425a425a4b2ef1c70191788542b8b4
- SSDEEP
  
  12288:VMroy90d1nExXzlQl3fjIXwhCxFLuxv7xVpS7c1xHAwgS+fyavZsjWLEwRX:RyrXzlIfjuH3uxvBS7c1xHAwf+qOsjaN
Score

10^/10

redline dina infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedinainfostealerpersistence