redline | 5e44315ce1502e3592f614e7da161173732e3e9a5e70a610dccc654b25f96671 | Triage

Sharing

General

Target

5e44315ce1502e3592f614e7da161173732e3e9a5e70a610dccc654b25f96671
Size

584KB
Sample

230606-e6pr3acf2s
MD5

4e55e517797a7dcde95e31447b31c659
SHA1

b76e9db5e5d9272b618806c35ce7ab11d8b39eb1
SHA256

5e44315ce1502e3592f614e7da161173732e3e9a5e70a610dccc654b25f96671
SHA512

90b36d603bbf5118c998c68746deab5847d318a838dff421fd464fab42c4e4316f1eb4e8691cb3409fe9a71a532c49fea8a29e9fe8240506b09350a0e05060db
SSDEEP

12288:QMrWy90K4EEx8cAepVZNl+E73i5wMtaMQZ4:WyGHpqETi5wMcMQZ4

Score

10^/10

redline diza infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

diza

C2

83.97.73.126:19048

Attributes

auth_value
0d09b419c8bc967f91c68be4a17e92ee

Targets

- Target
  
  5e44315ce1502e3592f614e7da161173732e3e9a5e70a610dccc654b25f96671
- Size
  
  584KB
- MD5
  
  4e55e517797a7dcde95e31447b31c659
- SHA1
  
  b76e9db5e5d9272b618806c35ce7ab11d8b39eb1
- SHA256
  
  5e44315ce1502e3592f614e7da161173732e3e9a5e70a610dccc654b25f96671
- SHA512
  
  90b36d603bbf5118c998c68746deab5847d318a838dff421fd464fab42c4e4316f1eb4e8691cb3409fe9a71a532c49fea8a29e9fe8240506b09350a0e05060db
- SSDEEP
  
  12288:QMrWy90K4EEx8cAepVZNl+E73i5wMtaMQZ4:WyGHpqETi5wMcMQZ4
Score

10^/10

redline diza infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedizainfostealerpersistence