redline | 35e838568f3e8695f6082980816849de4b92184eaec2a20e044c0614e3a69711 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

35e838568f3e8695f6082980816849de4b92184eaec2a20e044c0614e3a69711
Size

584KB
Sample

230606-ge4g9acg3w
MD5

1ede79f572db0a1c1a52dc8b02bfb61c
SHA1

92d9f535504ab2f52ebe7936eafd432f057744a6
SHA256

35e838568f3e8695f6082980816849de4b92184eaec2a20e044c0614e3a69711
SHA512

7cf4e7347418d9215c63aad2a57fb93a4f563a12b0f1b0634c8942215b3bc95388a0ac93a83a10fedc23af7e6af60f4875b4a14cefce533715924ebefddac577
SSDEEP

12288:sMr6y90TbmO1ZDCSkxkVPZN0iMi/vxopr0EPTh2YoGVGPD1iW:Oy258M00BCr/oYoU8d

Score

10^/10

redline diza infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

diza

C2

83.97.73.126:19048

Attributes

auth_value
0d09b419c8bc967f91c68be4a17e92ee

Targets

- Target
  
  35e838568f3e8695f6082980816849de4b92184eaec2a20e044c0614e3a69711
- Size
  
  584KB
- MD5
  
  1ede79f572db0a1c1a52dc8b02bfb61c
- SHA1
  
  92d9f535504ab2f52ebe7936eafd432f057744a6
- SHA256
  
  35e838568f3e8695f6082980816849de4b92184eaec2a20e044c0614e3a69711
- SHA512
  
  7cf4e7347418d9215c63aad2a57fb93a4f563a12b0f1b0634c8942215b3bc95388a0ac93a83a10fedc23af7e6af60f4875b4a14cefce533715924ebefddac577
- SSDEEP
  
  12288:sMr6y90TbmO1ZDCSkxkVPZN0iMi/vxopr0EPTh2YoGVGPD1iW:Oy258M00BCr/oYoU8d
Score

10^/10

redline diza infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedizainfostealerpersistence