redline | 4ae0fb21287875e7552b748c479f60d9bd0aba9ff815fe41413aa9e4440af2c9 | Triage

Sharing

General

Target

4ae0fb21287875e7552b748c479f60d9bd0aba9ff815fe41413aa9e4440af2c9
Size

584KB
Sample

230606-d7xnmace2z
MD5

9a55454aa112cc2522e77b8501c865a9
SHA1

b09e7b80f19bb430838895a23b60fd4712ec3c63
SHA256

4ae0fb21287875e7552b748c479f60d9bd0aba9ff815fe41413aa9e4440af2c9
SHA512

9c16e37bb0c9fe2500e46f6d543e248b3c8f6980fc9e3737288205c29f9c20ef9484272cb106b68755f5af87ef94b1279615c21e35363fa2bc00e2ab2e5d38c8
SSDEEP

12288:2Mray90E4+izMtuaIe2ZQaILczDLlZbOTbdvlUDBO86bTaRWouF:YyrrcaIPMQrbKjUDt6b1R

Score

10^/10

redline diza discovery infostealer persistence spyware stealer

Malware Config

Extracted

Family

redline

Botnet

diza

C2

83.97.73.126:19048

Attributes

auth_value
0d09b419c8bc967f91c68be4a17e92ee

Targets

- Target
  
  4ae0fb21287875e7552b748c479f60d9bd0aba9ff815fe41413aa9e4440af2c9
- Size
  
  584KB
- MD5
  
  9a55454aa112cc2522e77b8501c865a9
- SHA1
  
  b09e7b80f19bb430838895a23b60fd4712ec3c63
- SHA256
  
  4ae0fb21287875e7552b748c479f60d9bd0aba9ff815fe41413aa9e4440af2c9
- SHA512
  
  9c16e37bb0c9fe2500e46f6d543e248b3c8f6980fc9e3737288205c29f9c20ef9484272cb106b68755f5af87ef94b1279615c21e35363fa2bc00e2ab2e5d38c8
- SSDEEP
  
  12288:2Mray90E4+izMtuaIe2ZQaILczDLlZbOTbdvlUDBO86bTaRWouF:YyrrcaIPMQrbKjUDt6b1R
Score

10^/10

redline diza discovery infostealer persistence spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedizadiscoveryinfostealerpersistencespywarestealer