redline | 7ef05d1c93e6c3e0dcf4765355241902838ec006751a62a16071fd3be793adba | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7ef05d1c93e6c3e0dcf4765355241902838ec006751a62a16071fd3be793adba
Size

579KB
Sample

230605-nr118agh2x
MD5

41cb13e56c4c7125bb30ab441d1a757a
SHA1

0fda0f2a9488d41364b8ad4fecb8bc7b69274558
SHA256

7ef05d1c93e6c3e0dcf4765355241902838ec006751a62a16071fd3be793adba
SHA512

eed4f87b70ee7bbc1402d5ce1b5879068cc56a693c57598b73fe040c5e8c2e36f5214712fb5e8ad48c09ffc4079772524ceed8101815f4d470dc88a8282d0175
SSDEEP

12288:RMr+y90oAo25LQbEzSH441FWEmdgiU+NtzL9//R6DhYyMop:rywoMC441AVGalGDhYyN

Score

10^/10

redline diza discovery infostealer persistence spyware stealer

Malware Config

Extracted

Family

redline

Botnet

diza

C2

83.97.73.126:19046

Attributes

auth_value
0d09b419c8bc967f91c68be4a17e92ee

Targets

- Target
  
  7ef05d1c93e6c3e0dcf4765355241902838ec006751a62a16071fd3be793adba
- Size
  
  579KB
- MD5
  
  41cb13e56c4c7125bb30ab441d1a757a
- SHA1
  
  0fda0f2a9488d41364b8ad4fecb8bc7b69274558
- SHA256
  
  7ef05d1c93e6c3e0dcf4765355241902838ec006751a62a16071fd3be793adba
- SHA512
  
  eed4f87b70ee7bbc1402d5ce1b5879068cc56a693c57598b73fe040c5e8c2e36f5214712fb5e8ad48c09ffc4079772524ceed8101815f4d470dc88a8282d0175
- SSDEEP
  
  12288:RMr+y90oAo25LQbEzSH441FWEmdgiU+NtzL9//R6DhYyMop:rywoMC441AVGalGDhYyN
Score

10^/10

redline diza discovery infostealer persistence spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedizadiscoveryinfostealerpersistencespywarestealer