redline | 547b01aeaaf7d03d0c8328a6c2998089761d55c88e0940ce3fbf0e0725a911a8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

be34d9defd842eacc8847f254ad3b29c.bin
Size

538KB
Sample

230606-b5r91scb5x
MD5

f6b755ea760d0f421655b2de6e7cc846
SHA1

8c19d3b7dad9a23d03ddf53e5c6777b700ac6966
SHA256

547b01aeaaf7d03d0c8328a6c2998089761d55c88e0940ce3fbf0e0725a911a8
SHA512

b50781793e69bd70cf957cf9329cad6252314970a1790001b537743706d6e4d6901c50b1e3a129a7e7a34ad515280275156d784b2527ce6d2f0bbd46450c8346
SSDEEP

12288:xX9EcAnmiJWQKzjKwxDGT70HerpUmiD8IOvfl3HlF:jEcaPWQSKsG0+1wIl3lF

Score

10^/10

redline diza infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

diza

C2

83.97.73.126:19046

Attributes

auth_value
0d09b419c8bc967f91c68be4a17e92ee

Targets

- Target
  
  683f5114e5f6f5b9397b80b4fccd1d3e2f0ff02b8c1ab1c98781a1b344e0324d.exe
- Size
  
  581KB
- MD5
  
  be34d9defd842eacc8847f254ad3b29c
- SHA1
  
  e826092ec3504659b37bdcdb3626a648effb48d9
- SHA256
  
  683f5114e5f6f5b9397b80b4fccd1d3e2f0ff02b8c1ab1c98781a1b344e0324d
- SHA512
  
  db5a87736c31879ffd0bfa0b83d4842195ceb1c955d6b8784766d7e4e074b876aab0f69c3d30342de2020d33b361c6291cf02872f8b26292d92bfd425432a016
- SSDEEP
  
  12288:bMrMy90KKEQUOHiIz1mqu/Jtx6O0bE9ljsyFQJljIqX1qp+cB22:Dy3vQl/zsZHx6FEzF+KzgcA2
Score

10^/10

redline diza infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedizainfostealerpersistence

behavioral2

redlinedizainfostealerpersistence