redline | da10639848828abec3841562e23a1b1b121c24f4fd6aea48f6e26af32475a768 | Triage

Sharing

General

Target

da10639848828abec3841562e23a1b1b121c24f4fd6aea48f6e26af32475a768
Size

584KB
Sample

230606-e2k83sce8x
MD5

238c2fa9eecea15c2ab80f21368b7f3f
SHA1

749adcb57c3d5b39d2fb63d27760a90207b65545
SHA256

da10639848828abec3841562e23a1b1b121c24f4fd6aea48f6e26af32475a768
SHA512

e2648ccfc1701470dc320313ba0ab3c45033fa3ff679934872c858e51cba1e0167a47d5b67d389615a48739d1ae5ef662e98c63a14b40ac9e19a33f53cd42cd7
SSDEEP

12288:aMray90dNiYf0Mywzr1jLOk7j9z1SMHjz:kyONzSwzNLOsj9Ycjz

Score

10^/10

redline diza infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

diza

C2

83.97.73.126:19048

Attributes

auth_value
0d09b419c8bc967f91c68be4a17e92ee

Targets

- Target
  
  da10639848828abec3841562e23a1b1b121c24f4fd6aea48f6e26af32475a768
- Size
  
  584KB
- MD5
  
  238c2fa9eecea15c2ab80f21368b7f3f
- SHA1
  
  749adcb57c3d5b39d2fb63d27760a90207b65545
- SHA256
  
  da10639848828abec3841562e23a1b1b121c24f4fd6aea48f6e26af32475a768
- SHA512
  
  e2648ccfc1701470dc320313ba0ab3c45033fa3ff679934872c858e51cba1e0167a47d5b67d389615a48739d1ae5ef662e98c63a14b40ac9e19a33f53cd42cd7
- SSDEEP
  
  12288:aMray90dNiYf0Mywzr1jLOk7j9z1SMHjz:kyONzSwzNLOsj9Ycjz
Score

10^/10

redline diza infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedizainfostealerpersistence