redline | 8c4381b054221437307c441f15751b1d4a16e1521b84d258e4f2c28f575a7dc1 | Triage

Sharing

General

Target

8c4381b054221437307c441f15751b1d4a16e1521b84d258e4f2c28f575a7dc1
Size

581KB
Sample

230605-de4apsfb61
MD5

55be4e5ade8ab6ee52c17e2bbf42a44d
SHA1

51b3a1656176e732d6bcda639b57add91d3e7e05
SHA256

8c4381b054221437307c441f15751b1d4a16e1521b84d258e4f2c28f575a7dc1
SHA512

b3e8be75e601b7ab3ac52c78ddfddb2b82c9b77691a9bbe50cd6ac3354d98a5a9ddcb4390a4336d4dde6d2afb759b0284e20aaf61728f8724bc80a1a0fd61ccf
SSDEEP

12288:PMray90B8uloo7iTzPEQOrwfay2VHcn7vC:Ry48eNETZO2aPynO

Score

10^/10

redline diza infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

diza

C2

83.97.73.126:19046

Attributes

auth_value
0d09b419c8bc967f91c68be4a17e92ee

Targets

- Target
  
  8c4381b054221437307c441f15751b1d4a16e1521b84d258e4f2c28f575a7dc1
- Size
  
  581KB
- MD5
  
  55be4e5ade8ab6ee52c17e2bbf42a44d
- SHA1
  
  51b3a1656176e732d6bcda639b57add91d3e7e05
- SHA256
  
  8c4381b054221437307c441f15751b1d4a16e1521b84d258e4f2c28f575a7dc1
- SHA512
  
  b3e8be75e601b7ab3ac52c78ddfddb2b82c9b77691a9bbe50cd6ac3354d98a5a9ddcb4390a4336d4dde6d2afb759b0284e20aaf61728f8724bc80a1a0fd61ccf
- SSDEEP
  
  12288:PMray90B8uloo7iTzPEQOrwfay2VHcn7vC:Ry48eNETZO2aPynO
Score

10^/10

redline diza infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedizainfostealerpersistence