redline | 55c35329a5b0579f90bdd33fee3bb8d9b796bf6a36cfa89f57a9ec6c3190e358 | Triage

Sharing

General

Target

07340699.exe
Size

778KB
Sample

230603-pt1znsgg44
MD5

276b5d92cdc8eb8407f59d44374a930d
SHA1

9a153b9d0c572cfd88c519902982c48cd5fad89f
SHA256

55c35329a5b0579f90bdd33fee3bb8d9b796bf6a36cfa89f57a9ec6c3190e358
SHA512

11c56f422185cf1e9081c8b7ddc11268ea2575cf1a7844b4ab49c65d707a8e7eacc719685e1ea1b9501c0a0bea12cd27ba97f0115834b1a01a9f53b70cba0054
SSDEEP

24576:4ytrXhzG+eweqV9kXyqrrg4pGdztRI2S:/trcpwjV9kXyoM4YdztRF

Score

10^/10

redline dusa infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

dusa

C2

83.97.73.126:19046

Attributes

auth_value
ee896466545fedf9de5406175fb82de5

Targets

- Target
  
  07340699.exe
- Size
  
  778KB
- MD5
  
  276b5d92cdc8eb8407f59d44374a930d
- SHA1
  
  9a153b9d0c572cfd88c519902982c48cd5fad89f
- SHA256
  
  55c35329a5b0579f90bdd33fee3bb8d9b796bf6a36cfa89f57a9ec6c3190e358
- SHA512
  
  11c56f422185cf1e9081c8b7ddc11268ea2575cf1a7844b4ab49c65d707a8e7eacc719685e1ea1b9501c0a0bea12cd27ba97f0115834b1a01a9f53b70cba0054
- SSDEEP
  
  24576:4ytrXhzG+eweqV9kXyqrrg4pGdztRI2S:/trcpwjV9kXyoM4YdztRF
Score

10^/10

redline dusa infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedusainfostealerpersistence

behavioral2

redlinedusainfostealerpersistence