redline | 960fc3511c8f3cefa7ffe853eb63bcd079553426396de0c2852f85fb4ef02ead | Triage

Sharing

Copy URL Twitter E-mail

General

Target

960fc3511c8f3cefa7ffe853eb63bcd079553426396de0c2852f85fb4ef02ead
Size

584KB
Sample

230606-c1ezkacd2s
MD5

8937c510c54f6df19aa39589a95a754e
SHA1

5b1c39516c052e245c69d04d141676b8873dc726
SHA256

960fc3511c8f3cefa7ffe853eb63bcd079553426396de0c2852f85fb4ef02ead
SHA512

241cef23e97226cd810e3a355ba3998b1465fb5df299220b72663dfe77393aab5f3d9635f28127c5a35ac96b7850cad97e4a976bfb8034c7b106546e2f5c96d3
SSDEEP

12288:VMrmy90eYCQ3vOxm+zB/TECaxFb86mlTeKDp/sTdO3:jy1pXJThWFIReKDdF3

Score

10^/10

redline diza discovery infostealer persistence spyware stealer

Malware Config

Extracted

Family

redline

Botnet

diza

C2

83.97.73.126:19048

Attributes

auth_value
0d09b419c8bc967f91c68be4a17e92ee

Targets

- Target
  
  960fc3511c8f3cefa7ffe853eb63bcd079553426396de0c2852f85fb4ef02ead
- Size
  
  584KB
- MD5
  
  8937c510c54f6df19aa39589a95a754e
- SHA1
  
  5b1c39516c052e245c69d04d141676b8873dc726
- SHA256
  
  960fc3511c8f3cefa7ffe853eb63bcd079553426396de0c2852f85fb4ef02ead
- SHA512
  
  241cef23e97226cd810e3a355ba3998b1465fb5df299220b72663dfe77393aab5f3d9635f28127c5a35ac96b7850cad97e4a976bfb8034c7b106546e2f5c96d3
- SSDEEP
  
  12288:VMrmy90eYCQ3vOxm+zB/TECaxFb86mlTeKDp/sTdO3:jy1pXJThWFIReKDdF3
Score

10^/10

redline diza discovery infostealer persistence spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedizadiscoveryinfostealerpersistencespywarestealer