redline | 8bcad15880455bf3c58ee82de143205c27e625c923cc96d2ebb198cfe6a8685c | Triage

Sharing

General

Target

8bcad15880455bf3c58ee82de143205c27e625c923cc96d2ebb198cfe6a8685c
Size

584KB
Sample

230606-fwq3tacf7z
MD5

6f86d05e774077c7eaa0b0019bdb535f
SHA1

2764174a9d721b6910e1072fa8ae26779615a2fe
SHA256

8bcad15880455bf3c58ee82de143205c27e625c923cc96d2ebb198cfe6a8685c
SHA512

5ab81293284105e8d3fb15b36e4217f90304d3f133e63f081686a038f2e4e7724e3d52a504809f493c7d9f7d638a36c52c1dfe04b36f1fc6e93ef15cfaeb9089
SSDEEP

12288:vMrCy90BgV9sGmCUbJxVrMNAvdSXoOC2nQi3dOlI1zj:lyR9s8SJxZNdSXoOC8OiJj

Score

10^/10

redline diza infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

diza

C2

83.97.73.126:19048

Attributes

auth_value
0d09b419c8bc967f91c68be4a17e92ee

Targets

- Target
  
  8bcad15880455bf3c58ee82de143205c27e625c923cc96d2ebb198cfe6a8685c
- Size
  
  584KB
- MD5
  
  6f86d05e774077c7eaa0b0019bdb535f
- SHA1
  
  2764174a9d721b6910e1072fa8ae26779615a2fe
- SHA256
  
  8bcad15880455bf3c58ee82de143205c27e625c923cc96d2ebb198cfe6a8685c
- SHA512
  
  5ab81293284105e8d3fb15b36e4217f90304d3f133e63f081686a038f2e4e7724e3d52a504809f493c7d9f7d638a36c52c1dfe04b36f1fc6e93ef15cfaeb9089
- SSDEEP
  
  12288:vMrCy90BgV9sGmCUbJxVrMNAvdSXoOC2nQi3dOlI1zj:lyR9s8SJxZNdSXoOC8OiJj
Score

10^/10

redline diza infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedizainfostealerpersistence