redline | edeea598ecb9280b8d791c7012e13fbb9ca4ef6e8cac275f6a1aaba14c2556b4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

edeea598ecb9280b8d791c7012e13fbb9ca4ef6e8cac275f6a1aaba14c2556b4
Size

584KB
Sample

230606-frnrwscf6x
MD5

634e593e67e50b75c9db230793b5af53
SHA1

9571aed10f39d1f7f97c318ccadbaa5808f97922
SHA256

edeea598ecb9280b8d791c7012e13fbb9ca4ef6e8cac275f6a1aaba14c2556b4
SHA512

92b6453993a473542719cdc2f06d9f6e38a0a9ea724a476779182cac50e6426e4fe4467475780dbc870a83070590895a669c01a84beb2255089bfc182f86496e
SSDEEP

12288:IMrOy90j08xMsZ6QO1sKoGAVmrtBkUlVrvSP1E:2yKeQOsGAVmr96P2

Score

10^/10

redline diza infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

diza

C2

83.97.73.126:19048

Attributes

auth_value
0d09b419c8bc967f91c68be4a17e92ee

Targets

- Target
  
  edeea598ecb9280b8d791c7012e13fbb9ca4ef6e8cac275f6a1aaba14c2556b4
- Size
  
  584KB
- MD5
  
  634e593e67e50b75c9db230793b5af53
- SHA1
  
  9571aed10f39d1f7f97c318ccadbaa5808f97922
- SHA256
  
  edeea598ecb9280b8d791c7012e13fbb9ca4ef6e8cac275f6a1aaba14c2556b4
- SHA512
  
  92b6453993a473542719cdc2f06d9f6e38a0a9ea724a476779182cac50e6426e4fe4467475780dbc870a83070590895a669c01a84beb2255089bfc182f86496e
- SSDEEP
  
  12288:IMrOy90j08xMsZ6QO1sKoGAVmrtBkUlVrvSP1E:2yKeQOsGAVmr96P2
Score

10^/10

redline diza infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedizainfostealerpersistence