redline | 0963f962b3199b184b536fd46dd4e695cdd09f9b6092c8c8b5a79b7bbff9ec38 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0963f962b3199b184b536fd46dd4e695cdd09f9b6092c8c8b5a79b7bbff9ec38
Size

580KB
Sample

230605-crpgmsee85
MD5

4f60d535a5b592978853b04de74ce31c
SHA1

7a8cc6e6cbb88d91070274832fe3513a90bb4127
SHA256

0963f962b3199b184b536fd46dd4e695cdd09f9b6092c8c8b5a79b7bbff9ec38
SHA512

197a9261c16ed8e4845d8ddcdf10fbbf5e1786072cba523ee3267350a5b263c9b4f9d10dad42c7a2b983042e8acc212b53b41af6b426527f07ab8d8b618aefb2
SSDEEP

12288:CMr+y90EFFOGma9u64HdcvXJKC0Hy8UOrbYS8i3Za:AynFr39u64H2ICU15hv3Za

Score

10^/10

redline diza infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

diza

C2

83.97.73.126:19046

Attributes

auth_value
0d09b419c8bc967f91c68be4a17e92ee

Targets

- Target
  
  0963f962b3199b184b536fd46dd4e695cdd09f9b6092c8c8b5a79b7bbff9ec38
- Size
  
  580KB
- MD5
  
  4f60d535a5b592978853b04de74ce31c
- SHA1
  
  7a8cc6e6cbb88d91070274832fe3513a90bb4127
- SHA256
  
  0963f962b3199b184b536fd46dd4e695cdd09f9b6092c8c8b5a79b7bbff9ec38
- SHA512
  
  197a9261c16ed8e4845d8ddcdf10fbbf5e1786072cba523ee3267350a5b263c9b4f9d10dad42c7a2b983042e8acc212b53b41af6b426527f07ab8d8b618aefb2
- SSDEEP
  
  12288:CMr+y90EFFOGma9u64HdcvXJKC0Hy8UOrbYS8i3Za:AynFr39u64H2ICU15hv3Za
Score

10^/10

redline diza infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedizainfostealerpersistence