redline | 019fcd5fe16c803241d44945746361349847c8ffb05f479bcea7212f6fc52f81 | Triage

Sharing

General

Target

df725cc5affb15844d8f7ec66fb4b515.bin
Size

537KB
Sample

230606-cdfbtacb9x
MD5

736231083db138568827bb2744d63c07
SHA1

9c4c2cb5b004eacd91bbf3575f26f66ef649c394
SHA256

019fcd5fe16c803241d44945746361349847c8ffb05f479bcea7212f6fc52f81
SHA512

80ae677ecf38829a969e5e500bc6aee49bba59ee6e01710e9c9d6c0e64a4ba794df51508ae17047894d53e5b6c02222eb504ca3ddb1eb149eabae640797f6fa5
SSDEEP

12288:+muqCNn6/ckkWJUHngBO9B1cJ1mwiFNvvOpsMOhy3uPRtweTiwAhE:vb/z8HngOB1czeDOieuP7THF

Score

10^/10

redline diza infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

diza

C2

83.97.73.126:19046

Attributes

auth_value
0d09b419c8bc967f91c68be4a17e92ee

Targets

- Target
  
  cf876c9186eb271b9a2384302f4ae2c58f42b32aec870399cd80de473434c5d6.exe
- Size
  
  580KB
- MD5
  
  df725cc5affb15844d8f7ec66fb4b515
- SHA1
  
  27917c84aa928ec2fc4ad1949e93e9aceaaaa831
- SHA256
  
  cf876c9186eb271b9a2384302f4ae2c58f42b32aec870399cd80de473434c5d6
- SHA512
  
  f1f91eea1031b8944bfa06030a74c85b09931e58ca58a50ef58ab0922f9ad80559353f8ac12dfa35bcda580480289eb4fe9722f51c92498fd95bf50275784329
- SSDEEP
  
  12288:4Mrmy90imnulSHm64k5M2MrqPd7aXuYAirpzCXBHL7kiwoYMX5:+y9Vg358qtyHAKCiEX5
Score

10^/10

redline diza infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedizainfostealerpersistence

behavioral2

redlinedizainfostealerpersistence