redline | 4e73264a2a6acaab85bc27bc5cdf02f44c9fc1cfd0f0f3840ae577fd4f7060bb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4e73264a2a6acaab85bc27bc5cdf02f44c9fc1cfd0f0f3840ae577fd4f7060bb
Size

580KB
Sample

230605-f1qmvafe3x
MD5

5a1054b032371fa570c3b5ec35df7d35
SHA1

4de3b30225bb7cbd58eb8175b079f9b659bbbb0d
SHA256

4e73264a2a6acaab85bc27bc5cdf02f44c9fc1cfd0f0f3840ae577fd4f7060bb
SHA512

f4b190beebcfc0b292bcdefa6ff044706884fa35e8ede642d738702ef9997f5c0b57edf0dada4adbe4b7ed2bcfef2c4801483d98b0727ce8fc5dd94f3ec67a32
SSDEEP

12288:PMrWy90CuL70/+t3Yn7sXUl54+1gZTe4BWDMbwP:dyC/rt3YtgZTe4Bh8P

Score

10^/10

redline diza infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

diza

C2

83.97.73.126:19046

Attributes

auth_value
0d09b419c8bc967f91c68be4a17e92ee

Targets

- Target
  
  4e73264a2a6acaab85bc27bc5cdf02f44c9fc1cfd0f0f3840ae577fd4f7060bb
- Size
  
  580KB
- MD5
  
  5a1054b032371fa570c3b5ec35df7d35
- SHA1
  
  4de3b30225bb7cbd58eb8175b079f9b659bbbb0d
- SHA256
  
  4e73264a2a6acaab85bc27bc5cdf02f44c9fc1cfd0f0f3840ae577fd4f7060bb
- SHA512
  
  f4b190beebcfc0b292bcdefa6ff044706884fa35e8ede642d738702ef9997f5c0b57edf0dada4adbe4b7ed2bcfef2c4801483d98b0727ce8fc5dd94f3ec67a32
- SSDEEP
  
  12288:PMrWy90CuL70/+t3Yn7sXUl54+1gZTe4BWDMbwP:dyC/rt3YtgZTe4Bh8P
Score

10^/10

redline diza infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedizainfostealerpersistence