redline | 0c906a72201be027fdb1728a0f79e321cb9089361a3be314eb5389bd8a7d9383 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0c906a72201be027fdb1728a0f79e321cb9089361a3be314eb5389bd8a7d9383
Size

581KB
Sample

230605-ftrlkafd9y
MD5

7cd3229bd415e3d546b691efa08e3dfc
SHA1

53c0fc7bd0d199472674b19d7d3ace6ac6f2a413
SHA256

0c906a72201be027fdb1728a0f79e321cb9089361a3be314eb5389bd8a7d9383
SHA512

b9c6c0c1b8431fef9348f7ccae9fad989b80d7d4ee37002038c33092a69cdba1d837ef7855226c8857909906be1526ab9b0e82a4961b5dee9200ca6ad9dfe894
SSDEEP

12288:HMrWy90f6JPOxqAk0lW2YvgWC1nF+3Hem19JKXg7:pyQzx5vI2wgWF+m1bKm

Score

10^/10

redline diza infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

diza

C2

83.97.73.126:19046

Attributes

auth_value
0d09b419c8bc967f91c68be4a17e92ee

Targets

- Target
  
  0c906a72201be027fdb1728a0f79e321cb9089361a3be314eb5389bd8a7d9383
- Size
  
  581KB
- MD5
  
  7cd3229bd415e3d546b691efa08e3dfc
- SHA1
  
  53c0fc7bd0d199472674b19d7d3ace6ac6f2a413
- SHA256
  
  0c906a72201be027fdb1728a0f79e321cb9089361a3be314eb5389bd8a7d9383
- SHA512
  
  b9c6c0c1b8431fef9348f7ccae9fad989b80d7d4ee37002038c33092a69cdba1d837ef7855226c8857909906be1526ab9b0e82a4961b5dee9200ca6ad9dfe894
- SSDEEP
  
  12288:HMrWy90f6JPOxqAk0lW2YvgWC1nF+3Hem19JKXg7:pyQzx5vI2wgWF+m1bKm
Score

10^/10

redline diza infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedizainfostealerpersistence