redline | d3bd173f53d2b86d9846164297c24d9a174933136c87d82878f416f692366d84 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d3bd173f53d2b86d9846164297c24d9a174933136c87d82878f416f692366d84
Size

755KB
Sample

230601-3j4vgahd3t
MD5

35b97b9e4e1b1fc2f24b941215458377
SHA1

153051b2575566068de600f621e67d8939d12f4b
SHA256

d3bd173f53d2b86d9846164297c24d9a174933136c87d82878f416f692366d84
SHA512

e96d05d9bf6266134c7cb289a3e121f65425c57b99e8338cf7c50ead3b0d1ab410eda068a9bcfa7a9bac349e81ceffafa14a3ec6ed1be97e6602e956d7c959ac
SSDEEP

12288:rMrXy906m7uMWFGltwZpTI+sf46G7XGsn7PhNj9WqlneLZpJGvhKl2:8yR+WFGYu87/T7j9tULfJGvp

Score

10^/10

redline dars infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

dars

C2

83.97.73.127:19045

Attributes

auth_value
7cd208e6b6c927262304d5d4d88647fd

Targets

- Target
  
  d3bd173f53d2b86d9846164297c24d9a174933136c87d82878f416f692366d84
- Size
  
  755KB
- MD5
  
  35b97b9e4e1b1fc2f24b941215458377
- SHA1
  
  153051b2575566068de600f621e67d8939d12f4b
- SHA256
  
  d3bd173f53d2b86d9846164297c24d9a174933136c87d82878f416f692366d84
- SHA512
  
  e96d05d9bf6266134c7cb289a3e121f65425c57b99e8338cf7c50ead3b0d1ab410eda068a9bcfa7a9bac349e81ceffafa14a3ec6ed1be97e6602e956d7c959ac
- SSDEEP
  
  12288:rMrXy906m7uMWFGltwZpTI+sf46G7XGsn7PhNj9WqlneLZpJGvhKl2:8yR+WFGYu87/T7j9tULfJGvp
Score

10^/10

redline dars infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedarsinfostealerpersistence