redline | 8ab5674fcc3c9b4a0d509c4c14c231f581ef308a8af2dcf373ba492ba0639795 | Triage

Sharing

General

Target

8ab5674fcc3c9b4a0d509c4c14c231f581ef308a8af2dcf373ba492ba0639795
Size

760KB
Sample

230529-d85qmahe27
MD5

13e20284ca88bd97247c9f9c7c669c29
SHA1

1b28f7a71df60402fe9fc6a49f38b17dc8501700
SHA256

8ab5674fcc3c9b4a0d509c4c14c231f581ef308a8af2dcf373ba492ba0639795
SHA512

125fbb6a0d246bcaa1db02bf0943d2459f974635a8861fa8eabed9cd8c3da85377dc90be5e3b689bb42dac760ec9103d16c62a8fdd517e8712b7b907f3fb80da
SSDEEP

12288:vMrIy90pyJ0Y+YVY+ZZOR0fUBN542JHL6aQQ3n/7j3w0QKmzgboGyiM8rt3TQEN:PyoY7Zc1O2JHLp/nP3w0QKmzg5JyEN

Score

10^/10

redline dura infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

dura

C2

83.97.73.127:19062

Attributes

auth_value
44b7d6fb9572dea0d64d018139c3d208

Targets

- Target
  
  8ab5674fcc3c9b4a0d509c4c14c231f581ef308a8af2dcf373ba492ba0639795
- Size
  
  760KB
- MD5
  
  13e20284ca88bd97247c9f9c7c669c29
- SHA1
  
  1b28f7a71df60402fe9fc6a49f38b17dc8501700
- SHA256
  
  8ab5674fcc3c9b4a0d509c4c14c231f581ef308a8af2dcf373ba492ba0639795
- SHA512
  
  125fbb6a0d246bcaa1db02bf0943d2459f974635a8861fa8eabed9cd8c3da85377dc90be5e3b689bb42dac760ec9103d16c62a8fdd517e8712b7b907f3fb80da
- SSDEEP
  
  12288:vMrIy90pyJ0Y+YVY+ZZOR0fUBN542JHL6aQQ3n/7j3w0QKmzgboGyiM8rt3TQEN:PyoY7Zc1O2JHLp/nP3w0QKmzg5JyEN
Score

10^/10

redline dura infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedurainfostealerpersistence

behavioral2

redlinedurainfostealerpersistence