redline | b438a11ab68f628962fb4a2aa1b1e4ff2a0b496ae33c8bd0a3609dbf7f11e013 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b438a11ab68f628962fb4a2aa1b1e4ff2a0b496ae33c8bd0a3609dbf7f11e013
Size

585KB
Sample

230606-m6zahadc67
MD5

e23d7f8b06f5b96744dbece57d9e6872
SHA1

8d33cf9ab5646d484345b1a4994afdd6d583f271
SHA256

b438a11ab68f628962fb4a2aa1b1e4ff2a0b496ae33c8bd0a3609dbf7f11e013
SHA512

24cbe3a8769d5fd81d1dcaff982a9e70a11cab21d0e090c17af010fa7203e4b50dfd96b2135a14829ee62a123a9b2e88f59210f1bc09ea8155d3ed9652d7fa17
SSDEEP

12288:KMrjy90QtXJGVXVNq/xviymqdhMp8udPfHLmTHZE2xysS5MLeFpb:lyDtXJEzq5aymqdmHRfrIaMjLwJ

Score

10^/10

redline diza discovery infostealer persistence spyware stealer

Malware Config

Extracted

Family

redline

Botnet

diza

C2

83.97.73.126:19048

Attributes

auth_value
0d09b419c8bc967f91c68be4a17e92ee

Targets

- Target
  
  b438a11ab68f628962fb4a2aa1b1e4ff2a0b496ae33c8bd0a3609dbf7f11e013
- Size
  
  585KB
- MD5
  
  e23d7f8b06f5b96744dbece57d9e6872
- SHA1
  
  8d33cf9ab5646d484345b1a4994afdd6d583f271
- SHA256
  
  b438a11ab68f628962fb4a2aa1b1e4ff2a0b496ae33c8bd0a3609dbf7f11e013
- SHA512
  
  24cbe3a8769d5fd81d1dcaff982a9e70a11cab21d0e090c17af010fa7203e4b50dfd96b2135a14829ee62a123a9b2e88f59210f1bc09ea8155d3ed9652d7fa17
- SSDEEP
  
  12288:KMrjy90QtXJGVXVNq/xviymqdhMp8udPfHLmTHZE2xysS5MLeFpb:lyDtXJEzq5aymqdmHRfrIaMjLwJ
Score

10^/10

redline diza discovery infostealer persistence spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedizadiscoveryinfostealerpersistencespywarestealer