redline | ded37aa507056d90841c0d326d36803e70dc2fc8d006246088eb0507f10f125a | Triage

Sharing

General

Target

ded37aa507056d90841c0d326d36803e70dc2fc8d006246088eb0507f10f125a
Size

767KB
Sample

230529-176ymadg52
MD5

b1e5a84e6ef60ceb6a69f8adb8fd445a
SHA1

3d57040bf0bd343223aea1c31084880f82d68bf0
SHA256

ded37aa507056d90841c0d326d36803e70dc2fc8d006246088eb0507f10f125a
SHA512

ed74cc51427cc613e2566fbea06bc7b678566c60af0b58a7daaeccc5be336c3024cbcba506f9f7607d7b6311a9230b3155c7365ca8bb03eda0b7ba26e78ef2a9
SSDEEP

12288:1MrRy90TIrpHnL3CNKfYZrNI9IXgTe03nwsD1RR/CFNyz3evGkBGInM8tIW+4EnM:cyFtH8RZrG+gTeY17RCF23eukoIM81+m

Score

10^/10

redline dina infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

dina

C2

83.97.73.122:19062

Attributes

auth_value
4f77073adc624269de1bff760b9bc471

Targets

- Target
  
  ded37aa507056d90841c0d326d36803e70dc2fc8d006246088eb0507f10f125a
- Size
  
  767KB
- MD5
  
  b1e5a84e6ef60ceb6a69f8adb8fd445a
- SHA1
  
  3d57040bf0bd343223aea1c31084880f82d68bf0
- SHA256
  
  ded37aa507056d90841c0d326d36803e70dc2fc8d006246088eb0507f10f125a
- SHA512
  
  ed74cc51427cc613e2566fbea06bc7b678566c60af0b58a7daaeccc5be336c3024cbcba506f9f7607d7b6311a9230b3155c7365ca8bb03eda0b7ba26e78ef2a9
- SSDEEP
  
  12288:1MrRy90TIrpHnL3CNKfYZrNI9IXgTe03nwsD1RR/CFNyz3evGkBGInM8tIW+4EnM:cyFtH8RZrG+gTeY17RCF23eukoIM81+m
Score

10^/10

redline dina infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedinainfostealerpersistence

behavioral2

redlinedinainfostealerpersistence