redline | ac854085087b61fb34ede24c3ca27bb10668f3db91377efa125bdf769d4f0e05 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

04080799.exe
Size

580KB
Sample

230604-xkpjaadb78
MD5

d8fc6def7413e81c32413cf5b562143c
SHA1

81bf64d2c27d8c7ebce9bb807eef92ecdc5d6376
SHA256

ac854085087b61fb34ede24c3ca27bb10668f3db91377efa125bdf769d4f0e05
SHA512

9dc4eceff4b721950a4afb6ab3a621f35846af0e66a3c93747c17b74a3d42e81d644799defa495144d878a59ba41a416627430dffb3d981e1958d5674a00ec32
SSDEEP

12288:/Mr4y904puSVZD/JJpHNMGpvg6qtkMQjcOLQmLu:vyxpTV/dt1oVsjcGQmLu

Score

10^/10

redline diza discovery infostealer persistence spyware stealer

Malware Config

Extracted

Family

redline

Botnet

diza

C2

83.97.73.126:19046

Attributes

auth_value
0d09b419c8bc967f91c68be4a17e92ee

Targets

- Target
  
  04080799.exe
- Size
  
  580KB
- MD5
  
  d8fc6def7413e81c32413cf5b562143c
- SHA1
  
  81bf64d2c27d8c7ebce9bb807eef92ecdc5d6376
- SHA256
  
  ac854085087b61fb34ede24c3ca27bb10668f3db91377efa125bdf769d4f0e05
- SHA512
  
  9dc4eceff4b721950a4afb6ab3a621f35846af0e66a3c93747c17b74a3d42e81d644799defa495144d878a59ba41a416627430dffb3d981e1958d5674a00ec32
- SSDEEP
  
  12288:/Mr4y904puSVZD/JJpHNMGpvg6qtkMQjcOLQmLu:vyxpTV/dt1oVsjcGQmLu
Score

10^/10

redline diza discovery infostealer persistence spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedizadiscoveryinfostealerpersistencespywarestealer

behavioral2

redlinedizadiscoveryinfostealerpersistencespywarestealer